authorHans Insulander <hin@cvs.openbsd.org>2000-02-25 15:15:11 +0000
committerHans Insulander <hin@cvs.openbsd.org>2000-02-25 15:15:11 +0000
commit85dd2d09f1fceff777e46c8a197ee6848658dfff (patch)
treee0fa1602a0cb31086c91e8a3bfdeffce58504b71
parentc64c2283aca15272a000c7aec3e50464c9f63a59 (diff)
Remove old KerberosIV code. (art@ ok)
-rw-r--r--kerberosIV/Makefile35
-rw-r--r--kerberosIV/Makefile.inc16
-rw-r--r--kerberosIV/acl/Makefile11
-rw-r--r--kerberosIV/acl/acl_check.3205
-rw-r--r--kerberosIV/acl/acl_files.c551
-rw-r--r--kerberosIV/acl/shlib_version2
-rw-r--r--kerberosIV/afslog/Makefile9
-rw-r--r--kerberosIV/afslog/afslog.170
-rw-r--r--kerberosIV/afslog/afslog.c226
-rw-r--r--kerberosIV/doc/Makefile42
-rw-r--r--kerberosIV/doc/ack.texi80
-rw-r--r--kerberosIV/doc/index.texi6
-rw-r--r--kerberosIV/doc/intro.texi71
-rw-r--r--kerberosIV/doc/kth-krb.texi283
-rw-r--r--kerberosIV/doc/latin1.tex95
-rw-r--r--kerberosIV/doc/otp.texi127
-rw-r--r--kerberosIV/doc/problems.texi131
-rw-r--r--kerberosIV/doc/setup.texi809
-rw-r--r--kerberosIV/doc/whatis.texi137
-rw-r--r--kerberosIV/ext_srvtab/Makefile9
-rw-r--r--kerberosIV/ext_srvtab/ext_srvtab.885
-rw-r--r--kerberosIV/ext_srvtab/ext_srvtab.c148
-rw-r--r--kerberosIV/include/Makefile5
-rw-r--r--kerberosIV/include/adm_locl.h50
-rw-r--r--kerberosIV/include/kadm_locl.h112
-rw-r--r--kerberosIV/include/kadm_server.h69
-rw-r--r--kerberosIV/include/kafs_locl.h89
-rw-r--r--kerberosIV/include/kdc.h56
-rw-r--r--kerberosIV/include/kerberosIV/Makefile16
-rw-r--r--kerberosIV/include/kerberosIV/acl.h52
-rw-r--r--kerberosIV/include/kerberosIV/kadm.h164
-rw-r--r--kerberosIV/include/kerberosIV/kafs.h103
-rw-r--r--kerberosIV/include/kerberosIV/kparse.h109
-rw-r--r--kerberosIV/include/kerberosIV/krb-protos.h741
-rw-r--r--kerberosIV/include/kerberosIV/krb.h340
-rw-r--r--kerberosIV/include/kerberosIV/krb_db.h165
-rw-r--r--kerberosIV/include/kerberosIV/prot.h93
-rw-r--r--kerberosIV/include/kerberosIV/site.h48
-rw-r--r--kerberosIV/include/klog.h75
-rw-r--r--kerberosIV/include/kprop.h45
-rw-r--r--kerberosIV/include/krb_log.h80
-rw-r--r--kerberosIV/include/ksrvutil.h60
-rw-r--r--kerberosIV/include/kuser_locl.h69
-rw-r--r--kerberosIV/include/pw_check.h44
-rw-r--r--kerberosIV/include/sl.h61
-rw-r--r--kerberosIV/include/sl_locl.h49
-rw-r--r--kerberosIV/include/slav_locl.h34
-rw-r--r--kerberosIV/include/version.h8
-rw-r--r--kerberosIV/include/xdbm.h57
-rw-r--r--kerberosIV/kadm/Makefile29
-rw-r--r--kerberosIV/kadm/check_password.c61
-rw-r--r--kerberosIV/kadm/kadm_cli_wrap.c645
-rw-r--r--kerberosIV/kadm/kadm_err.et76
-rw-r--r--kerberosIV/kadm/kadm_stream.c354
-rw-r--r--kerberosIV/kadm/kadm_supp.c123
-rw-r--r--kerberosIV/kadm/shlib_version2
-rw-r--r--kerberosIV/kadmin/Makefile25
-rw-r--r--kerberosIV/kadmin/kadmin.8180
-rw-r--r--kerberosIV/kadmin/kadmin.c862
-rw-r--r--kerberosIV/kadmin/new_pwd.c147
-rw-r--r--kerberosIV/kadmin/sl.c206
-rw-r--r--kerberosIV/kadmind/Makefile25
-rw-r--r--kerberosIV/kadmind/admin_server.c428
-rw-r--r--kerberosIV/kadmind/kadm_funcs.c451
-rw-r--r--kerberosIV/kadmind/kadm_ser_wrap.c236
-rw-r--r--kerberosIV/kadmind/kadm_server.c201
-rw-r--r--kerberosIV/kadmind/kadmind.8126
-rw-r--r--kerberosIV/kadmind/pw_check.c88
-rw-r--r--kerberosIV/kafs/Makefile15
-rw-r--r--kerberosIV/kafs/afskrb.c113
-rw-r--r--kerberosIV/kafs/afssys.c99
-rw-r--r--kerberosIV/kafs/common.c368
-rw-r--r--kerberosIV/kafs/shlib_version2
-rw-r--r--kerberosIV/kauth/Makefile15
-rw-r--r--kerberosIV/kauth/encdata.c106
-rw-r--r--kerberosIV/kauth/kauth.166
-rw-r--r--kerberosIV/kauth/kauth.c334
-rw-r--r--kerberosIV/kauth/kauth.h82
-rw-r--r--kerberosIV/kauth/marshall.c98
-rw-r--r--kerberosIV/kauth/rkinit.c228
-rw-r--r--kerberosIV/kauthd/Makefile15
-rw-r--r--kerberosIV/kauthd/inaddr2str.c75
-rw-r--r--kerberosIV/kauthd/kauthd.828
-rw-r--r--kerberosIV/kauthd/kauthd.c204
-rw-r--r--kerberosIV/kauthd/mini_inetd.c90
-rw-r--r--kerberosIV/kdb/Makefile9
-rw-r--r--kerberosIV/kdb/copykey.c56
-rw-r--r--kerberosIV/kdb/kdb_locl.h89
-rw-r--r--kerberosIV/kdb/krb_cache.c202
-rw-r--r--kerberosIV/kdb/krb_dbm.c791
-rw-r--r--kerberosIV/kdb/krb_kdb_utils.c254
-rw-r--r--kerberosIV/kdb/krb_lib.c272
-rw-r--r--kerberosIV/kdb/print_princ.c61
-rw-r--r--kerberosIV/kdb/shlib_version2
-rw-r--r--kerberosIV/kdb_destroy/Makefile8
-rw-r--r--kerberosIV/kdb_destroy/kdb_destroy.855
-rw-r--r--kerberosIV/kdb_destroy/kdb_destroy.c68
-rw-r--r--kerberosIV/kdb_edit/Makefile11
-rw-r--r--kerberosIV/kdb_edit/kdb_edit.877
-rw-r--r--kerberosIV/kdb_edit/kdb_edit.c433
-rw-r--r--kerberosIV/kdb_init/Makefile9
-rw-r--r--kerberosIV/kdb_init/kdb_init.863
-rw-r--r--kerberosIV/kdb_init/kdb_init.c196
-rw-r--r--kerberosIV/kdb_util/Makefile11
-rw-r--r--kerberosIV/kdb_util/kdb_util.886
-rw-r--r--kerberosIV/kdb_util/kdb_util.c552
-rw-r--r--kerberosIV/kdestroy/Makefile12
-rw-r--r--kerberosIV/kdestroy/kdestroy.1103
-rw-r--r--kerberosIV/kdestroy/kdestroy.c123
-rw-r--r--kerberosIV/kerberos/Makefile13
-rw-r--r--kerberosIV/kerberos/kerberos.8281
-rw-r--r--kerberosIV/kerberos/kerberos.c1021
-rw-r--r--kerberosIV/kinit/Makefile9
-rw-r--r--kerberosIV/kinit/kinit.1155
-rw-r--r--kerberosIV/kinit/kinit.c173
-rw-r--r--kerberosIV/klist/Makefile13
-rw-r--r--kerberosIV/klist/klist.1106
-rw-r--r--kerberosIV/klist/klist.c369
-rw-r--r--kerberosIV/kprop/Makefile9
-rw-r--r--kerberosIV/kprop/kprop.8130
-rw-r--r--kerberosIV/kprop/kprop.c535
-rw-r--r--kerberosIV/kpropd/Makefile9
-rw-r--r--kerberosIV/kpropd/kpropd.8106
-rw-r--r--kerberosIV/kpropd/kpropd.c343
-rw-r--r--kerberosIV/krb/Makefile110
-rw-r--r--kerberosIV/krb/base64.c150
-rw-r--r--kerberosIV/krb/check_time.c57
-rw-r--r--kerberosIV/krb/cr_err_reply.c100
-rw-r--r--kerberosIV/krb/create_auth_reply.c127
-rw-r--r--kerberosIV/krb/create_ciph.c119
-rw-r--r--kerberosIV/krb/create_death_packet.c86
-rw-r--r--kerberosIV/krb/create_ticket.c135
-rw-r--r--kerberosIV/krb/debug_decl.c49
-rw-r--r--kerberosIV/krb/decomp_ticket.c120
-rw-r--r--kerberosIV/krb/dest_tkt.c89
-rw-r--r--kerberosIV/krb/encrypt_ktext.c52
-rw-r--r--kerberosIV/krb/extra.c208
-rw-r--r--kerberosIV/krb/get_ad_tkt.c193
-rw-r--r--kerberosIV/krb/get_cred.c84
-rw-r--r--kerberosIV/krb/get_default_principal.c91
-rw-r--r--kerberosIV/krb/get_host.c368
-rw-r--r--kerberosIV/krb/get_in_tkt.c162
-rw-r--r--kerberosIV/krb/get_krbrlm.c134
-rw-r--r--kerberosIV/krb/get_svc_in_tkt.c89
-rw-r--r--kerberosIV/krb/get_tf_fullname.c89
-rw-r--r--kerberosIV/krb/get_tf_realm.c54
-rw-r--r--kerberosIV/krb/getaddrs.c122
-rw-r--r--kerberosIV/krb/getfile.c85
-rw-r--r--kerberosIV/krb/getrealm.c199
-rw-r--r--kerberosIV/krb/getst.c58
-rw-r--r--kerberosIV/krb/k_concat.c118
-rw-r--r--kerberosIV/krb/k_getport.c58
-rw-r--r--kerberosIV/krb/k_getsockinst.c77
-rw-r--r--kerberosIV/krb/k_localtime.c49
-rw-r--r--kerberosIV/krb/kdc_reply.c137
-rw-r--r--kerberosIV/krb/kerberos.3482
-rw-r--r--kerberosIV/krb/kntoln.c206
-rw-r--r--kerberosIV/krb/krb-archaeology.h157
-rw-r--r--kerberosIV/krb/krb_check_auth.c77
-rw-r--r--kerberosIV/krb/krb_equiv.c145
-rw-r--r--kerberosIV/krb/krb_err.et117
-rw-r--r--kerberosIV/krb/krb_err_txt.c313
-rw-r--r--kerberosIV/krb/krb_get_in_tkt.c197
-rw-r--r--kerberosIV/krb/krb_locl.h148
-rw-r--r--kerberosIV/krb/krb_realmofhost.3183
-rw-r--r--kerberosIV/krb/krb_sendauth.3370
-rw-r--r--kerberosIV/krb/krb_set_tkt_string.365
-rw-r--r--kerberosIV/krb/kuserok.385
-rw-r--r--kerberosIV/krb/kuserok.c165
-rw-r--r--kerberosIV/krb/lifetime.c217
-rw-r--r--kerberosIV/krb/logging.c244
-rw-r--r--kerberosIV/krb/lsb_addr_comp.c143
-rw-r--r--kerberosIV/krb/mk_auth.c101
-rw-r--r--kerberosIV/krb/mk_err.c69
-rw-r--r--kerberosIV/krb/mk_priv.c129
-rw-r--r--kerberosIV/krb/mk_req.c217
-rw-r--r--kerberosIV/krb/mk_safe.c135
-rw-r--r--kerberosIV/krb/month_sname.c52
-rw-r--r--kerberosIV/krb/name2name.c107
-rw-r--r--kerberosIV/krb/netread.c71
-rw-r--r--kerberosIV/krb/netwrite.c68
-rw-r--r--kerberosIV/krb/one.c41
-rw-r--r--kerberosIV/krb/parse_name.c208
-rw-r--r--kerberosIV/krb/rd_err.c86
-rw-r--r--kerberosIV/krb/rd_priv.c133
-rw-r--r--kerberosIV/krb/rd_req.c328
-rw-r--r--kerberosIV/krb/rd_safe.c184
-rw-r--r--kerberosIV/krb/read_service_key.c134
-rw-r--r--kerberosIV/krb/realm_parse.c81
-rw-r--r--kerberosIV/krb/recvauth.c213
-rw-r--r--kerberosIV/krb/resolve.c280
-rw-r--r--kerberosIV/krb/resolve.h96
-rw-r--r--kerberosIV/krb/rw.c148
-rw-r--r--kerberosIV/krb/save_credentials.c72
-rw-r--r--kerberosIV/krb/send_to_kdc.c477
-rw-r--r--kerberosIV/krb/sendauth.c179
-rw-r--r--kerberosIV/krb/shlib_version2
-rw-r--r--kerberosIV/krb/stime.c59
-rw-r--r--kerberosIV/krb/str2key.c106
-rw-r--r--kerberosIV/krb/strtok_r.c62
-rw-r--r--kerberosIV/krb/tf_util.3173
-rw-r--r--kerberosIV/krb/tf_util.c689
-rw-r--r--kerberosIV/krb/time.c76
-rw-r--r--kerberosIV/krb/tkt_string.c92
-rw-r--r--kerberosIV/krb/unparse_name.c118
-rw-r--r--kerberosIV/krb/util.c88
-rw-r--r--kerberosIV/krb/verify_user.c139
-rw-r--r--kerberosIV/krb/version.c5
-rw-r--r--kerberosIV/ksrvtgt/Makefile10
-rw-r--r--kerberosIV/ksrvtgt/ksrvtgt.173
-rw-r--r--kerberosIV/ksrvtgt/ksrvtgt.c81
-rw-r--r--kerberosIV/ksrvutil/Makefile21
-rw-r--r--kerberosIV/ksrvutil/ksrvutil.8124
-rw-r--r--kerberosIV/ksrvutil/ksrvutil.c612
-rw-r--r--kerberosIV/ksrvutil/ksrvutil_get.c429
-rw-r--r--kerberosIV/kstash/Makefile9
-rw-r--r--kerberosIV/kstash/kstash.863
-rw-r--r--kerberosIV/kstash/kstash.c65
-rw-r--r--kerberosIV/man/Makefile6
-rw-r--r--kerberosIV/man/kerberos.1283
-rw-r--r--kerberosIV/man/krb.conf.577
-rw-r--r--kerberosIV/man/krb.realms.564
-rw-r--r--kerberosIV/roken/get_window_size.c100
-rw-r--r--kerberosIV/roken/get_window_size.h9
-rw-r--r--kerberosIV/roken/getarg.c530
-rw-r--r--kerberosIV/roken/getarg.h73
-rw-r--r--kerberosIV/roken/parse_time.c80
-rw-r--r--kerberosIV/roken/parse_time.h56
-rw-r--r--kerberosIV/roken/parse_units.c325
-rw-r--r--kerberosIV/roken/parse_units.h78
-rw-r--r--kerberosIV/roken/resolve.c319
-rw-r--r--kerberosIV/roken/resolve.h106
-rw-r--r--kerberosIV/roken/simple_exec.c113
-rw-r--r--kerberosIV/roken/simple_exec.h7
234 files changed, 0 insertions, 34774 deletions
diff --git a/kerberosIV/Makefile b/kerberosIV/Makefile
deleted file mode 100644
index 3580da09d17..00000000000
--- a/kerberosIV/Makefile
+++ /dev/null
@@ -1,35 +0,0 @@
-# $OpenBSD: Makefile,v 1.26 1999/03/09 00:01:42 niklas Exp $
-# from @(#)Makefile 5.1 (Berkeley) 6/25/90
-
-SUBDIR=
-
-.ifmake includes
-SUBDIR+=include
-.endif
-
-SUBDIR+=acl krb kadm kafs kdb
-
-SUBDIR+=ext_srvtab kadmin kadmind kdb_destroy kdb_init kdb_edit \
- kdb_util kdestroy kerberos kinit klist kprop kpropd ksrvtgt \
- ksrvutil kstash kauth kauthd
-
-SUBDIR+=man doc
-
-LIBDIRS=acl krb kadm kafs kdb
-
-.include <bsd.own.mk> # for AFS
-
-.if (${AFS} == "yes")
-SUBDIR+=afslog
-.endif
-
-build:
- ${MAKE} cleandir
- ${MAKE} depend
- ${SUDO} ${MAKE} includes
- for dir in ${LIBDIRS}; do \
- (cd ${.CURDIR}/$$dir && ${MAKE} && ${SUDO} ${MAKE} install) \
- done
-
-.include <bsd.dep.mk>
-.include <bsd.subdir.mk>
diff --git a/kerberosIV/Makefile.inc b/kerberosIV/Makefile.inc
deleted file mode 100644
index 5ab96a40539..00000000000
--- a/kerberosIV/Makefile.inc
+++ /dev/null
@@ -1,16 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.7 1996/11/15 09:21:25 downsj Exp $
-
-CFLAGS+=-I${.CURDIR}/../include
-BINDIR?=/usr/sbin
-
-.if defined(OBJMACHINE)
-__objdir= obj.${MACHINE}
-.else
-__objdir= obj
-.endif
-
-.if (${MACHINE_ARCH} != "mips")
-COM_ERR= -lcom_err_pic
-.else
-COM_ERR= -lcom_err
-.endif
diff --git a/kerberosIV/acl/Makefile b/kerberosIV/acl/Makefile
deleted file mode 100644
index b54ee8acb4e..00000000000
--- a/kerberosIV/acl/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile,v 1.1 1995/12/14 06:52:36 tholo Exp $
-
-LIB= acl
-SRCS= acl_files.c
-MAN= acl_check.3
-MLINKS+=acl_check.3 acl_canonicalize_principal.3 \
- acl_check.3 acl_exact_match.3 \
- acl_check.3 acl_add.3 acl_check.3 acl_delete.3 \
- acl_check.3 acl_initialize.3
-
-.include <bsd.lib.mk>
diff --git a/kerberosIV/acl/acl_check.3 b/kerberosIV/acl/acl_check.3
deleted file mode 100644
index 617391c4b61..00000000000
--- a/kerberosIV/acl/acl_check.3
+++ /dev/null
@@ -1,205 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: acl_check.3,v 1.4 1998/02/25 15:50:28 art Exp $
-.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
-acl_delete, acl_initialize \- Access control list routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-cc <files> \-lacl \-lkrb
-.PP
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-acl_canonicalize_principal(principal, buf)
-char *principal;
-char *buf;
-.PP
-.ft B
-acl_check(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_exact_match(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_add(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_delete(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_initialize(acl_file, mode)
-char *acl_file;
-int mode;
-.fi
-.ft R
-.SH DESCRIPTION
-.SS Introduction
-.PP
-An access control list (ACL) is a list of principals, where each
-principal is represented by a text string which cannot contain
-whitespace. The library allows application programs to refer to named
-access control lists to test membership and to atomically add and
-delete principals using a natural and intuitive interface. At
-present, the names of access control lists are required to be Unix
-filenames, and refer to human-readable Unix files; in the future, when
-a networked ACL server is implemented, the names may refer to a
-different namespace specific to the ACL service.
-.PP
-.SS Principal Names
-.PP
-Principal names have the form
-.nf
-.in +5n
-<name>[.<instance>][@<realm>]
-.in -5n
-e.g.:
-.in +5n
-asp
-asp.root
-asp@ATHENA.MIT.EDU
-asp.@ATHENA.MIT.EDU
-asp.root@ATHENA.MIT.EDU
-.in -5n
-.fi
-It is possible for principals to be underspecified. If an instance is
-missing, it is assumed to be "". If realm is missing, it is assumed
-to be the local realm as determined by
-.IR krb_get_lrealm (3).
-The canonical form contains all of name, instance,
-and realm; the acl_add and acl_delete routines will always
-leave the file in that form. Note that the canonical form of
-asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
-.SS Routines
-.PP
-.I acl_canonicalize_principal
-stores the canonical form of
-.I principal
-in
-.IR buf .
-.I Buf
-must contain enough
-space to store a principal, given the limits on the sizes of name,
-instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
-respectively, in
-.IR /usr/include/kerberosIV/kerberosIV/krb.h .
-.PP
-.I acl_check
-returns nonzero if
-.I principal
-appears in
-.IR acl .
-Returns 0 if principal
-does not appear in acl, or if an error occurs. Canonicalizes
-principal before checking, and allows the ACL to contain wildcards. The
-only supported wildcards are entries of the form
-name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the
-its component field. For example, "jtkohl.*@*" would match principal
-jtkohl, with any instance and any realm.
-.PP
-.I acl_exact_match
-performs like
-.IR acl_check ,
-but does no canonicalization or wildcard matching.
-.PP
-.I acl_add
-atomically adds
-.I principal
-to
-.IR acl .
-Returns 0 if successful, nonzero otherwise. It is considered a failure
-if
-.I principal
-is already in
-.IR acl .
-This routine will canonicalize
-.IR principal ,
-but will treat wildcards literally.
-.PP
-.I acl_delete
-atomically deletes
-.I principal
-from
-.IR acl .
-Returns 0 if successful,
-nonzero otherwise. It is considered a failure if
-.I principal
-is not
-already in
-.IR acl .
-This routine will canonicalize
-.IR principal ,
-but will treat wildcards literally.
-.PP
-.I acl_initialize
-initializes
-.IR acl_file .
-If the file
-.I acl_file
-does not exist,
-.I acl_initialize
-creates it with mode
-.IR mode .
-If the file
-.I acl_file
-exists,
-.I acl_initialize
-removes all members. Returns 0 if successful,
-nonzero otherwise. WARNING: Mode argument is likely to change with
-the eventual introduction of an ACL service.
-.SH NOTES
-In the presence of concurrency, there is a very small chance that
-.I acl_add
-or
-.I acl_delete
-could report success even though it would have
-had no effect. This is a necessary side effect of using lock files
-for concurrency control rather than flock(2), which is not supported
-by NFS.
-.PP
-The current implementation caches ACLs in memory in a hash-table
-format for increased efficiency in checking membership; one effect of
-the caching scheme is that one file descriptor will be kept open for
-each ACL cached, up to a maximum of 8.
-.SH SEE ALSO
-kerberos(3), krb_get_lrealm(3)
-.SH AUTHOR
-James Aspnes (MIT Project Athena)
diff --git a/kerberosIV/acl/acl_files.c b/kerberosIV/acl/acl_files.c
deleted file mode 100644
index 21252e0975e..00000000000
--- a/kerberosIV/acl/acl_files.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/* $OpenBSD: acl_files.c,v 1.8 1998/02/25 15:50:30 art Exp $ */
-/* $KTH: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <time.h>
-#include <fcntl.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <ctype.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/acl.h>
-
-#define min(a,b) (a < b ? a : b)
-
-/*** Routines for manipulating access control list files ***/
-
-/* "aname.inst@realm" */
-#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3)
-#define INST_SEP '.'
-#define REALM_SEP '@'
-
-#define LINESIZE 2048 /* Maximum line length in an acl file */
-
-#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */
-#define WAIT_TIME 300 /* Maximum time allowed write acl file */
-
-#define CACHED_ACLS 8 /* How many acls to cache */
- /* Each acl costs 1 open file descriptor */
-#define ACL_LEN 16 /* Twice a reasonable acl length */
-
-#define COR(a,b) ((a!=NULL)?(a):(b))
-
-/* Canonicalize a principal name */
-/* If instance is missing, it becomes "" */
-/* If realm is missing, it becomes the local realm */
-/* Canonicalized form is put in canon, which must be big enough to hold
- MAX_PRINCIPAL_SIZE characters */
-void
-acl_canonicalize_principal(char *principal, char *canon)
-{
- char *dot, *atsign, *end;
- char *orgcanon = canon;
- int len;
-
- dot = strchr(principal, INST_SEP);
- atsign = strchr(principal, REALM_SEP);
-
- /* Maybe we're done already */
- if(dot != NULL && atsign != NULL) {
- if(dot < atsign) {
- /* It's for real */
- /* Copy into canon */
- strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
- orgcanon[MAX_PRINCIPAL_SIZE - 1] = '\0';
- return;
- } else {
- /* Nope, it's part of the realm */
- dot = NULL;
- }
- }
-
- /* No such luck */
- end = principal + strlen(principal);
-
- /* Get the principal name */
- len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
- strncpy(canon, principal, len);
- canon += len;
-
- /* Add INST_SEP */
- *canon++ = INST_SEP;
-
- /* Get the instance, if it exists */
- if(dot != NULL) {
- ++dot;
- len = min(INST_SZ, COR(atsign, end) - dot);
- strncpy(canon, dot, len);
- canon += len;
- }
-
- /* Add REALM_SEP */
- *canon++ = REALM_SEP;
-
- /* Get the realm, if it exists */
- /* Otherwise, default to local realm */
- if(atsign != NULL) {
- ++atsign;
- len = min(REALM_SZ, end - atsign);
- strncpy(canon, atsign, len);
- canon += len;
- *canon++ = '\0';
- } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
- strncpy(canon, KRB_REALM, MAX_PRINCIPAL_SIZE - (canon - orgcanon));
- }
- orgcanon[MAX_PRINCIPAL_SIZE - 1] = '\0';
-}
-
-/* Get a lock to modify acl_file */
-/* Return new FILE pointer */
-/* or NULL if file cannot be modified */
-/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */
-static
-FILE *acl_lock_file(char *acl_file)
-{
- struct stat s;
- char new[LINESIZE];
- int nfd;
- FILE *nf;
- int mode;
-
- if(stat(acl_file, &s) < 0) return(NULL);
- mode = s.st_mode;
- snprintf(new, sizeof(new), NEW_FILE, acl_file);
- for(;;) {
- /* Open the new file */
- if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) {
- if(errno == EEXIST) {
- /* Maybe somebody got here already, maybe it's just old */
- if(stat(new, &s) < 0) return(NULL);
- if(time(0) - s.st_ctime > WAIT_TIME) {
- /* File is stale, kill it */
- unlink(new);
- continue;
- } else {
- /* Wait and try again */
- sleep(1);
- continue;
- }
- } else {
- /* Some other error, we lose */
- return(NULL);
- }
- }
-
- /* If we got to here, the lock file is ours and ok */
- /* Reopen it under stdio */
- if((nf = fdopen(nfd, "w")) == NULL) {
- /* Oops, clean up */
- unlink(new);
- }
- return(nf);
- }
-}
-
-/* Abort changes to acl_file written onto FILE *f */
-/* Returns 0 if successful, < 0 otherwise */
-/* Closes f */
-static int
-acl_abort(char *acl_file, FILE *f)
-{
- char new[LINESIZE];
- int ret;
- struct stat s;
-
- /* make sure we aren't nuking someone else's file */
- if(fstat(fileno(f), &s) < 0
- || s.st_nlink == 0) {
- fclose(f);
- return(-1);
- } else {
- snprintf(new, sizeof(new), NEW_FILE, acl_file);
- ret = unlink(new);
- fclose(f);
- return(ret);
- }
-}
-
-/* Commit changes to acl_file written onto FILE *f */
-/* Returns zero if successful */
-/* Returns > 0 if lock was broken */
-/* Returns < 0 if some other error occurs */
-/* Closes f */
-static int
-acl_commit(char *acl_file, FILE *f)
-{
- char new[LINESIZE];
- int ret;
- struct stat s;
-
- snprintf(new, sizeof(new), NEW_FILE, acl_file);
- if(fflush(f) < 0
- || fstat(fileno(f), &s) < 0
- || s.st_nlink == 0) {
- acl_abort(acl_file, f);
- return(-1);
- }
-
- ret = rename(new, acl_file);
- fclose(f);
- return(ret);
-}
-
-/* Initialize an acl_file */
-/* Creates the file with permissions perm if it does not exist */
-/* Erases it if it does */
-/* Returns return value of acl_commit */
-int
-acl_initialize(char *acl_file, int perm)
-{
- FILE *new;
- int fd;
-
- /* Check if the file exists already */
- if((new = acl_lock_file(acl_file)) != NULL) {
- return(acl_commit(acl_file, new));
- } else {
- /* File must be readable and writable by owner */
- if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) {
- return(-1);
- } else {
- close(fd);
- return(0);
- }
- }
-}
-
-/* Eliminate all whitespace character in buf */
-/* Modifies its argument */
-static void
- nuke_whitespace(char *buf)
-{
- char *pin, *pout;
-
- for(pin = pout = buf; *pin != '\0'; pin++)
- if(!isspace(*pin)) *pout++ = *pin;
- *pout = '\0'; /* Terminate the string */
-}
-
-/* Hash table stuff */
-
-struct hashtbl {
- int size; /* Max number of entries */
- int entries; /* Actual number of entries */
- char **tbl; /* Pointer to start of table */
-};
-
-/* Make an empty hash table of size s */
-static struct hashtbl *
-make_hash(int size)
-{
- struct hashtbl *h;
-
- if(size < 1) size = 1;
- h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
- h->size = size;
- h->entries = 0;
- h->tbl = (char **) calloc(size, sizeof(char *));
- return(h);
-}
-
-/* Destroy a hash table */
-static void
-destroy_hash(struct hashtbl *h)
-{
- int i;
-
- for(i = 0; i < h->size; i++) {
- if(h->tbl[i] != NULL) {
- free(h->tbl[i]);
- h->tbl[i] = NULL;
- }
- }
- free(h->tbl);
- h->tbl = NULL;
- free(h);
- h = NULL;
-}
-
-/* Compute hash value for a string */
-static unsigned int
-hashval(char *s)
-{
- unsigned hv;
-
- for(hv = 0; *s != '\0'; s++) {
- hv ^= ((hv << 3) ^ *s);
- }
- return(hv);
-}
-
-/* Add an element to a hash table */
-static void
-add_hash(struct hashtbl *h, char *el)
-{
- unsigned hv;
- char *s;
- char **old;
- int i;
-
- /* Make space if it isn't there already */
- if(h->entries + 1 > (h->size >> 1)) {
- old = h->tbl;
- h->tbl = (char **) calloc(h->size << 1, sizeof(char *));
- for(i = 0; i < h->size; i++) {
- if(old[i] != NULL) {
- hv = hashval(old[i]) % (h->size << 1);
- while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1);
- h->tbl[hv] = old[i];
- }
- }
- h->size = h->size << 1;
- free(old);
- old = NULL;
- }
-
- hv = hashval(el) % h->size;
- while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
- s = strdup(el);
- if (s != NULL) {
- h->tbl[hv] = s;
- h->entries++;
- }
-}
-
-/* Returns nonzero if el is in h */
-static int
-check_hash(struct hashtbl *h, char *el)
-{
- unsigned hv;
-
- for(hv = hashval(el) % h->size;
- h->tbl[hv] != NULL;
- hv = (hv + 1) % h->size) {
- if(!strcmp(h->tbl[hv], el)) return(1);
- }
- return(0);
-}
-
-struct acl {
- char filename[LINESIZE]; /* Name of acl file */
- int fd; /* File descriptor for acl file */
- struct stat status; /* File status at last read */
- struct hashtbl *acl; /* Acl entries */
-};
-
-static struct acl acl_cache[CACHED_ACLS];
-
-static int acl_cache_count = 0;
-static int acl_cache_next = 0;
-
-/* Returns < 0 if unsuccessful in loading acl */
-/* Returns index into acl_cache otherwise */
-/* Note that if acl is already loaded, this is just a lookup */
-static int
-acl_load(char *name)
-{
- int i;
- FILE *f;
- struct stat s;
- char buf[MAX_PRINCIPAL_SIZE];
- char canon[MAX_PRINCIPAL_SIZE];
-
- /* See if it's there already */
- for(i = 0; i < acl_cache_count; i++) {
- if(!strcmp(acl_cache[i].filename, name)
- && acl_cache[i].fd >= 0) goto got_it;
- }
-
- /* It isn't, load it in */
- /* maybe there's still room */
- if(acl_cache_count < CACHED_ACLS) {
- i = acl_cache_count++;
- } else {
- /* No room, clean one out */
- i = acl_cache_next;
- acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS;
- close(acl_cache[i].fd);
- if(acl_cache[i].acl) {
- destroy_hash(acl_cache[i].acl);
- acl_cache[i].acl = (struct hashtbl *) 0;
- }
- }
-
- /* Set up the acl */
- strncpy(acl_cache[i].filename, name, LINESIZE);
- acl_cache[i].filename[LINESIZE - 1] = '\0';
- if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
- /* Force reload */
- acl_cache[i].acl = (struct hashtbl *) 0;
-
- got_it:
- /*
- * See if the stat matches
- *
- * Use stat(), not fstat(), as the file may have been re-created by
- * acl_add or acl_delete. If this happens, the old inode will have
- * no changes in the mod-time and the following test will fail.
- */
- if(stat(acl_cache[i].filename, &s) < 0) return(-1);
- if(acl_cache[i].acl == (struct hashtbl *) 0
- || s.st_nlink != acl_cache[i].status.st_nlink
- || s.st_mtime != acl_cache[i].status.st_mtime
- || s.st_ctime != acl_cache[i].status.st_ctime) {
- /* Gotta reload */
- if(acl_cache[i].fd >= 0) close(acl_cache[i].fd);
- if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
- if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1);
- if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl);
- acl_cache[i].acl = make_hash(ACL_LEN);
- while(fgets(buf, sizeof(buf), f) != NULL) {
- nuke_whitespace(buf);
- acl_canonicalize_principal(buf, canon);
- add_hash(acl_cache[i].acl, canon);
- }
- fclose(f);
- acl_cache[i].status = s;
- }
- return(i);
-}
-
-/* Returns nonzero if it can be determined that acl contains principal */
-/* Principal is not canonicalized, and no wildcarding is done */
-int
-acl_exact_match(char *acl, char *principal)
-{
- int idx;
-
- return((idx = acl_load(acl)) >= 0
- && check_hash(acl_cache[idx].acl, principal));
-}
-
-/* Returns nonzero if it can be determined that acl contains principal */
-/* Recognizes wildcards in acl of the form
- name.*@realm, *.*@realm, and *.*@* */
-int
-acl_check(char *acl, char *principal)
-{
- char buf[MAX_PRINCIPAL_SIZE];
- char canon[MAX_PRINCIPAL_SIZE];
- char *realm;
-
- acl_canonicalize_principal(principal, canon);
-
- /* Is it there? */
- if(acl_exact_match(acl, canon)) return(1);
-
- /* Try the wildcards */
- realm = strchr(canon, REALM_SEP);
- *strchr(canon, INST_SEP) = '\0'; /* Chuck the instance */
-
- snprintf(buf, sizeof(buf), "%s.*%s", canon, realm);
- if(acl_exact_match(acl, buf)) return(1);
-
- snprintf(buf, sizeof(buf), "*.*%s", realm);
- if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
-
- return(0);
-}
-
-/* Adds principal to acl */
-/* Wildcards are interpreted literally */
-int
-acl_add(char *acl, char *principal)
-{
- int idx;
- int i;
- FILE *new;
- char canon[MAX_PRINCIPAL_SIZE];
-
- acl_canonicalize_principal(principal, canon);
-
- if((new = acl_lock_file(acl)) == NULL) return(-1);
- if((acl_exact_match(acl, canon))
- || (idx = acl_load(acl)) < 0) {
- acl_abort(acl, new);
- return(-1);
- }
- /* It isn't there yet, copy the file and put it in */
- for(i = 0; i < acl_cache[idx].acl->size; i++) {
- if(acl_cache[idx].acl->tbl[i] != NULL) {
- if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF
- || putc('\n', new) != '\n') {
- acl_abort(acl, new);
- return(-1);
- }
- }
- }
- fputs(canon, new);
- putc('\n', new);
- return(acl_commit(acl, new));
-}
-
-/* Removes principal from acl */
-/* Wildcards are interpreted literally */
-int
-acl_delete(char *acl, char *principal)
-{
- int idx;
- int i;
- FILE *new;
- char canon[MAX_PRINCIPAL_SIZE];
-
- acl_canonicalize_principal(principal, canon);
-
- if((new = acl_lock_file(acl)) == NULL) return(-1);
- if((!acl_exact_match(acl, canon))
- || (idx = acl_load(acl)) < 0) {
- acl_abort(acl, new);
- return(-1);
- }
- /* It isn't there yet, copy the file and put it in */
- for(i = 0; i < acl_cache[idx].acl->size; i++) {
- if(acl_cache[idx].acl->tbl[i] != NULL
- && strcmp(acl_cache[idx].acl->tbl[i], canon)) {
- fputs(acl_cache[idx].acl->tbl[i], new);
- putc('\n', new);
- }
- }
- return(acl_commit(acl, new));
-}
diff --git a/kerberosIV/acl/shlib_version b/kerberosIV/acl/shlib_version
deleted file mode 100644
index 890c57389b5..00000000000
--- a/kerberosIV/acl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=4
-minor=1
diff --git a/kerberosIV/afslog/Makefile b/kerberosIV/afslog/Makefile
deleted file mode 100644
index 01bbd7c6fd5..00000000000
--- a/kerberosIV/afslog/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.2 1998/09/19 02:42:18 rahnds Exp $
-
-PROG= afslog
-DPADD= ${LIBKRB} ${LIBDES} ${LIBKAFS}
-LDADD= -lkafs -lkrb -ldes
-BINDIR= /usr/bin
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/afslog/afslog.1 b/kerberosIV/afslog/afslog.1
deleted file mode 100644
index 146f6179c02..00000000000
--- a/kerberosIV/afslog/afslog.1
+++ /dev/null
@@ -1,70 +0,0 @@
-.\" $OpenBSD: afslog.1,v 1.4 1999/07/09 13:35:58 aaron Exp $
-.\" $KTH: afslog.1,v 1.2 1996/11/28 13:44:40 assar Exp $
-.\"
-.Dd April 27, 1996
-.Dt AFSLOG 1
-.Os
-.Sh NAME
-.Nm afslog
-.Nd
-obtains AFS tokens for specified cells
-.Sh SYNOPSIS
-.Nm afslog
-.Op Fl d
-.Op Fl c Ar cell
-.Op Fl k Ar realm
-.Op Fl p Pa path
-.Op Fl unlog
-.Op Fl createuser
-.Op Ar args
-.Sh DESCRIPTION
-The
-.Nm
-command obtains AFS tokens,
-.Ar args
-are either a name of a cell or a pathnames of a file in the cell to
-get tokens for. If an argument is
-.Li .
-or
-.Li ..
-or contains a slash it is assumed to be a pathname. Otherwise it is
-assumed to be a name of a cell or a prefix thereof.
-.Pp
-The
-.Fl c
-and
-.Fl p
-flags can be used to resolve ambiguities.
-.Pp
-.Nm
-might fail to guess the Kerberos realm to get tickets for (for
-instance if the volume location servers of the cell does not reside in
-the kerberos realm that holds the AFS service key, and the correct
-realm isn't the same as the cell name or the local realm (I didn't say
-this was a common problem)). Anyway, the
-.Fl k
-can be used to give a hint. It should not be used unless there is a
-problem, since all tickets will be taken from the specified realm and
-this is not (usually) what you want.
-.Pp
-.Fl createuser
-means that
-.Nm
-should try to run
-.Nm pts
-to create a remote user principal in another cell.
-.Fl d
-can be used for debugging.
-.Pp
-If the
-.Fl unlog
-flag is given any tokens are removed and all other arguments are ignored.
-.Sh BUGS
-It should be able to handle the MIT Athena
-.Nm aklog
-flags
-.Fl hosts ,
-.Fl zsubs ,
-and
-.Fl noprdb ,
-but does not.
diff --git a/kerberosIV/afslog/afslog.c b/kerberosIV/afslog/afslog.c
deleted file mode 100644
index edf1d4ff7c1..00000000000
--- a/kerberosIV/afslog/afslog.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* $OpenBSD: afslog.c,v 1.1 1998/03/12 14:36:17 art Exp $ */
-/* $KTH: aklog.c,v 1.20 1997/12/09 10:36:25 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <sys/ioccom.h>
-#include <pwd.h>
-#include <err.h>
-#include <kerberosIV/krb.h>
-#include <kerberosIV/kafs.h>
-
-static int debug = 0;
-
-static void
-DEBUG(const char *, ...)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 1, 2)))
-#endif
-;
-
-static void
-DEBUG(const char *fmt, ...)
-{
- va_list ap;
- if (debug) {
- va_start(ap, fmt);
- vwarnx(fmt, ap);
- va_end(ap);
- }
-}
-
-static char *
-expand_cell_name(char *cell)
-{
- FILE *f;
- static char buf[128];
- char *p;
-
- f = fopen(_PATH_CELLSERVDB, "r");
- if(f == NULL)
- return cell;
- while(fgets(buf, sizeof(buf), f) != NULL) {
- if(buf[0] == '>') {
- for(p=buf; *p && *p != ' ' && *p != '\t' && *p != '\n'; p++);
- *p = '\0';
- if(strstr(buf, cell)){
- fclose(f);
- return buf + 1;
- }
- }
- buf[0] = 0;
- }
- fclose(f);
- return cell;
-}
-
-char *
-strlwr(char *str)
-{
- char *s;
-
- for(s = str; *s; s++)
- *s = tolower(*s);
- return str;
-}
-
-static int
-createuser (char *cell)
-{
- char cellbuf[64];
- char name[ANAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
- char cmd[1024];
-
- if (cell == NULL) {
- FILE *f;
- int len;
-
- f = fopen (_PATH_THISCELL, "r");
- if (f == NULL)
- err (1, "open(%s)", _PATH_THISCELL);
- if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
- err (1, "read cellname from %s", _PATH_THISCELL);
- len = strlen(cellbuf);
- if (cellbuf[len-1] == '\n')
- cellbuf[len-1] = '\0';
- cell = cellbuf;
- }
-
- if(krb_get_default_principal(name, instance, realm))
- errx (1, "Could not even figure out who you are");
-
- snprintf (cmd, sizeof(cmd),
- "pts createuser %s%s%s@%s -cell %s",
- name, *instance ? "." : "", instance, strlwr(realm),
- cell);
- DEBUG("Executing %s", cmd);
- return system(cmd);
-}
-
-int
-main(int argc, char **argv)
-{
- int i;
- int do_aklog = -1;
- int do_createuser = -1;
- char *cell = NULL;
- char *realm = NULL;
- char cellbuf[64];
-
- if(!k_hasafs())
- exit(1);
-
- for(i = 1; i < argc; i++){
- if(!strncmp(argv[i], "-createuser", 11)){
- do_createuser = do_aklog = 1;
-
- }else if(!strncmp(argv[i], "-c", 2) && i + 1 < argc){
- cell = expand_cell_name(argv[++i]);
- do_aklog = 1;
-
- }else if(!strncmp(argv[i], "-k", 2) && i + 1 < argc){
- realm = argv[++i];
-
- }else if(!strncmp(argv[i], "-p", 2) && i + 1 < argc){
- if(k_afs_cell_of_file(argv[++i], cellbuf, sizeof(cellbuf)))
- errx (1, "No cell found for file \"%s\".", argv[i]);
- else
- cell = cellbuf;
- do_aklog = 1;
-
- }else if(!strncmp(argv[i], "-unlog", 6)){
- exit(k_unlog());
-
- }else if(!strncmp(argv[i], "-hosts", 6)){
- warnx ("Argument -hosts is not implemented.");
-
- }else if(!strncmp(argv[i], "-zsubs", 6)){
- warnx("Argument -zsubs is not implemented.");
-
- }else if(!strncmp(argv[i], "-noprdb", 6)){
- warnx("Argument -noprdb is not implemented.");
-
- }else if(!strncmp(argv[i], "-d", 6)){
- debug = 1;
-
- }else{
- if(!strcmp(argv[i], ".") ||
- !strcmp(argv[i], "..") ||
- strchr(argv[i], '/')){
- DEBUG("I guess that \"%s\" is a filename.", argv[i]);
- if(k_afs_cell_of_file(argv[i], cellbuf, sizeof(cellbuf)))
- errx (1, "No cell found for file \"%s\".", argv[i]);
- else {
- cell = cellbuf;
- DEBUG("The file \"%s\" lives in cell \"%s\".", argv[i], cell);
- }
- }else{
- cell = expand_cell_name(argv[i]);
- DEBUG("I guess that %s is cell %s.", argv[i], cell);
- }
- do_aklog = 1;
- }
- if(do_aklog == 1){
- do_aklog = 0;
- if(krb_afslog(cell, realm))
- errx (1, "Failed getting tokens for cell %s in realm %s.",
- cell?cell:"(local cell)", realm?realm:"(local realm)");
- }
- if(do_createuser == 1) {
- do_createuser = 0;
- if(createuser(cell))
- errx (1, "Failed creating user in cell %s", cell?cell:"(local cell)");
- }
- }
- if(do_aklog == -1 && do_createuser == -1 && krb_afslog(0, realm))
- errx (1, "Failed getting tokens for cell %s in realm %s.",
- cell?cell:"(local cell)", realm?realm:"(local realm)");
- return 0;
-}
diff --git a/kerberosIV/doc/Makefile b/kerberosIV/doc/Makefile
deleted file mode 100644
index 2a67bb3dac3..00000000000
--- a/kerberosIV/doc/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
-# $Id: Makefile,v 1.2 1998/03/12 14:22:49 art Exp $
-
-SHELL = /bin/sh
-
-MAKEINFO = /usr/bin/makeinfo
-INSTALL-INFO = /usr/bin/install-info
-
-infodir = ${DESTDIR}/usr/share/info
-
-INSTALL = /usr/bin/install
-
-info = kth-krb.info
-
-SRCS = ack.texi \
- index.texi \
- intro.texi \
- kth-krb.texi \
- otp.texi \
- problems.texi \
- setup.texi \
- whatis.texi
-
-
-all: $(info)
-
-install: $(info)
- $(INSTALL-INFO) ${.OBJDIR}/$(info) $(infodir)/dir
- ${INSTALL} ${INSTALL_COPY} -m 444 -o ${BINOWN} -g ${BINGRP} -p ${.OBJDIR}/$(info) $(infodir)
-
-$(info): $(SRCS)
- ${MAKEINFO} -I${.CURDIR} -o ${.OBJDIR}/$@ ${.CURDIR}/kth-krb.texi
-
-clean:
- (cd ${.OBJDIR} ; rm -f *.aux *.cp *.cps *.dvi *.fn *.ky *.log *.pg *.toc *.tp *.vr *.info)
-
-cleandir: clean
-
-
-.PHONY: install all clean cleandir
-
-.include <bsd.obj.mk>
-.include <bsd.subdir.mk>
diff --git a/kerberosIV/doc/ack.texi b/kerberosIV/doc/ack.texi
deleted file mode 100644
index 388f6444bb8..00000000000
--- a/kerberosIV/doc/ack.texi
+++ /dev/null
@@ -1,80 +0,0 @@
-@node Acknowledgments, Index, Resolving frequent problems, Top
-@comment node-name, next, previous, up
-@appendix Acknowledgments
-
-People from the MIT Athena project wrote the original code that this is
-based on. @w{Kerberos 4} @w{patch-level 9} was stripped of both the
-encryption functions and the calls to them. This was exported from the
-US as the ``Bones'' release. Eric Young put back the calls and hooked
-in his libdes, thereby creating the ``eBones'' release.
-@cindex Bones
-@cindex eBones
-
-The ``rcmd'' programs where initially developed at the University of
-California at Berkeley and then hacked on by the FreeBSD and NetBSD
-projects.
-
-Berkeley also wrote @code{ftp}, @code{ftpd}, @code{telnet}, and
-@code{telnetd}. The authentication and encryption code of @code{telnet}
-and @code{telnetd} was added by David Borman (then of Cray Research,
-Inc). The encryption code was removed when this was exported and then
-added back by Juha Eskelinen, @code{<esc@@magic.fi>}.
-
-The @code{popper} was also a Berkeley program initially.
-
-The @code{login} has the same origins but has received code written by
-Wietse Venema at Eindhoven University of Technology, The Netherlands.
-
-@code{movemail} was (at least partially) written by Jonathan Kamens,
-@code{<jik@@security.ov.com>}, and is Copyright @copyright{} 1986, 1991,
-1992, 1993, 1994 Free Software Foundation, Inc.
-
-@code{xnlock} was originally written by Dan Heller in 1985 for sunview.
-The X version was written by him in 1990.
-
-Some of the functions in @file{libroken} also come from Berkeley by the
-way of NetBSD/FreeBSD.
-
-The code to handle the dynamic loading of the AFS module for AIX is
-copyright @copyright{} 1992 HELIOS Software GmbH 30159 Hannover,
-Germany.
-
-@code{editline} was written by Simmule Turner and Rich Salz.
-
-Bugfixes and code has been contributed by:
-@table @asis
-@item Derrick J Brashear
-@code{<shadow@@dementia.org>}
-@item Anders Gertz
-@code{<gertz@@lysator.liu.se>}
-@item Dejan Ilic
-@code{<svedja@@lysator.liu.se>}
-@item Kent Engström
-@code{<kent@@lysator.liu.se>}
-@item Simon Josefsson
-@code{<jas@@pdc.kth.se>}
-@item Robert Malmgren
-@code{<rom@@incolumitas.se>}
-@item Fredrik Ljungberg
-@code{<flag@@it.kth.se>}
-@item Lars Malinowsky
-@code{<lama@@pdc.kth.se>}
-@item Fabien Coelho
-@code{<coelho@@cri.ensmp.fr>}
-@item and we hope that those not mentioned here will forgive us.
-@end table
-
-Ian Marsh @code{<ianm@@sics.se>} removed the worst abuses of the English
-language from this text.
-
-Ilja Hallberg @code{<iha@@incolumitas.se>} is still promising to help us
-finish the documentation.
-
-This work was supported in part by SUNET and the Centre for Parallel
-Computers at KTH.
-
-The port to Windows 95/NT was supported by the Computer Council at KTH
-and done by Jörgen Karlsson @code{<d93-jka@@nada.kth.se>}.
-
-All the bugs were introduced by ourselves.
-
diff --git a/kerberosIV/doc/index.texi b/kerberosIV/doc/index.texi
deleted file mode 100644
index ebe5d911ce0..00000000000
--- a/kerberosIV/doc/index.texi
+++ /dev/null
@@ -1,6 +0,0 @@
-@node Index, , Acknowledgments, Top
-@comment node-name, next, previous, up
-@unnumbered Index
-
-@printindex cp
-
diff --git a/kerberosIV/doc/intro.texi b/kerberosIV/doc/intro.texi
deleted file mode 100644
index 24af52fd219..00000000000
--- a/kerberosIV/doc/intro.texi
+++ /dev/null
@@ -1,71 +0,0 @@
-@node Introduction, What is Kerberos?, Top, Top
-@comment node-name, next, previous, up
-@chapter Introduction
-
-This is an attempt at documenting the Kerberos 4 distribution from
-Kungliga Tekniska Högskolan (the Royal Institute of Technology in
-Stockholm, Sweden). This distribution is based on eBones, but has been
-improved in many ways. It is more portable, and several new features
-have been added. It currently runs on the following systems:
-
-@itemize @bullet
-@item
-OpenBSD 2.1 and newer (fully integrated)
-@item
-AIX 4.1, 4.2
-@item
-BSD/OS 2.0, 2.1
-@item
-Digital UNIX 3.2, 4.0
-@item
-HP-UX 9, 10
-@item
-IRIX 4.0, 5.2, 5.3, 6.1, 6.2, 6.3, 6.4
-@item
-Linux 1.3, 2.0
-@item
-NetBSD 1.2
-@item
-FreeBSD 2.2
-@item
-SunOS 4.1
-@item
-SunOS 5.4/5.5 (aka Solaris 2.4/2.5)
-@item
-Ultrix 4.4
-@item
-Cray UNICOS 9.
-@item
-Fujitsu UXP/V 4.1.
-@end itemize
-
-Some part compile and work on:
-
-@itemize @bullet
-@item
-OS/2 with EMX
-@item
-Windows 95/NT with gnu-win32 (with the proper amount of magic the
-libraries should compile with Microsoft C as well)
-@end itemize
-
-It should work on anything that is almost POSIX, has an ANSI C
-compiler, a dbm library (for the server side), and BSD Sockets.
-
-A web-page is available at @url{http://www.pdc.kth.se/kth-krb/}.
-
-@heading Bug reports
-
-If you cannot build the programs or they do not behave as you think they
-should, please send us a bug report. The bug report should be sent to
-@code{<kth-krb-bugs@@nada.kth.se>}. Please include information on what
-machine and operating system (including version) you are running, what
-you are trying to do, what happens, what you think should have happened,
-an example for us to repeat, the output you get when trying the example,
-and a patch for the problem if you have one. Please make any patches
-with @code{diff -u} or @code{diff -c}. The more detailed the bug report
-is, the easier it will be for us to reproduce, understand, and fix it.
-
-Suggestions, comments and other non bug reports are welcome. Send them
-to @code{<kth-krb@@nada.kth.se>}.
-
diff --git a/kerberosIV/doc/kth-krb.texi b/kerberosIV/doc/kth-krb.texi
deleted file mode 100644
index 3b4a5085676..00000000000
--- a/kerberosIV/doc/kth-krb.texi
+++ /dev/null
@@ -1,283 +0,0 @@
-\input texinfo @c -*- texinfo -*-
-@c %**start of header
-@c $Id: kth-krb.texi,v 1.1 1998/01/20 23:40:29 art Exp $
-@setfilename kth-krb.info
-@settitle KTH-KRB
-@iftex
-@afourpaper
-@end iftex
-@c some sensible characters, please?
-@tex
-\input latin1.tex
-@end tex
-@setchapternewpage on
-@syncodeindex pg cp
-@c %**end of header
-
-@ifinfo
-@dircategory Kerberos
-@direntry
-* Kth-krb: (kth-krb). The Kerberos IV distribution from KTH
-@end direntry
-@end ifinfo
-
-@c title page
-@titlepage
-@title KTH-KRB
-@subtitle Kerberos 4 from KTH
-@subtitle Edition -1.0, for version 0.9.8
-@subtitle 1997
-@author Johan Danielsson
-@author Assar Westerlund
-@author last updated $Date: 1998/01/20 23:40:29 $
-
-@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
-@def@copyrightstart{}
-@def@copyrightend{}
-@page
-@copyrightstart
-Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
-(Royal Institute of Technology, Stockholm, Sweden).
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by the Kungliga Tekniska
- Högskolan and its contributors.
-
-4. Neither the name of the Institute nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (C) 1995 Eric Young (eay@@mincom.oz.au)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by Eric Young (eay@@mincom.oz.au)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (c) 1983, 1990 The Regents of the University of California.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by the University of
- California, Berkeley and its contributors.
-
-4. Neither the name of the University nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (C) 1990 by the Massachusetts Institute of Technology
-
-Export of this software from the United States of America is assumed
-to require a specific license from the United States Government.
-It is the responsibility of any person or organization contemplating
-export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
-@copynext
-
-Copyright 1987, 1989 by the Student Information Processing Board
- of the Massachusetts Institute of Technology
-
-Permission to use, copy, modify, and distribute this software
-and its documentation for any purpose and without fee is
-hereby granted, provided that the above copyright notice
-appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation,
-and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
-used in advertising or publicity pertaining to distribution
-of the software without specific, written prior permission.
-M.I.T. and the M.I.T. S.I.P.B. make no representations about
-the suitability of this software for any purpose. It is
-provided "as is" without express or implied warranty.
-
-@copynext
-
-Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
-
-This software is not subject to any license of the American Telephone
-and Telegraph Company or of the Regents of the University of California.
-
-Permission is granted to anyone to use this software for any purpose on
-any computer system, and to alter it and redistribute it freely, subject
-to the following restrictions:
-
-1. The authors are not responsible for the consequences of use of this
- software, no matter how awful, even if they arise from flaws in it.
-
-2. The origin of this software must not be misrepresented, either by
- explicit claim or by omission. Since few users ever read sources,
- credits must appear in the documentation.
-
-3. Altered versions must be plainly marked as such, and must not be
- misrepresented as being the original software. Since few users
- ever read sources, credits must appear in the documentation.
-
-4. This notice may not be removed or altered.
-
-@copyrightend
-@end titlepage
-
-@c Less filling! Tastes great!
-@iftex
-@parindent=0pt
-@global@parskip 6pt plus 1pt
-@global@chapheadingskip = 15pt plus 4pt minus 2pt
-@global@secheadingskip = 12pt plus 3pt minus 2pt
-@global@subsecheadingskip = 9pt plus 2pt minus 2pt
-@end iftex
-@ifinfo
-@paragraphindent 0
-@end ifinfo
-
-@ifinfo
-@node Top, Introduction, (dir), (dir)
-@top KTH-krb
-@end ifinfo
-
-@menu
-* Introduction::
-* What is Kerberos?::
-* How to set up a realm::
-* One-Time Passwords::
-* Resolving frequent problems::
-* Acknowledgments::
-* Index::
-
- --- The Detailed Node Listing ---
-
-How to set up a realm
-
-* How to set up the kerberos server::
-* Install the client programs::
-* Install the kerberised services::
-* Install a slave kerberos server::
-* Cross-realm functionality ::
-
-How to set up the kerberos server
-
-* Choose a realm name::
-* Choose a kerberos server::
-* Install the configuration files::
-* Install the /etc/services::
-* Install the kerberos server::
-* Set up the server::
-* Add a few important principals::
-* Start the server::
-* Try to get tickets::
-* Create initial ACL for the admin server::
-* Start the admin server::
-* Add users to the database::
-* Automate the startup of the servers::
-
-One-Time Passwords
-
-* What are one time passwords?::
-* When to use one time passwords?::
-* Configuring OTPs::
-
-Resolving frequent problems
-
-* Problems compiling Kerberos::
-* Common error messages::
-@end menu
-
-@include intro.texi
-@include whatis.texi
-@include setup.texi
-@include otp.texi
-@include problems.texi
-@include ack.texi
-@include index.texi
-
-@c @shortcontents
-@contents
-
-@bye
diff --git a/kerberosIV/doc/latin1.tex b/kerberosIV/doc/latin1.tex
deleted file mode 100644
index e683dd271dc..00000000000
--- a/kerberosIV/doc/latin1.tex
+++ /dev/null
@@ -1,95 +0,0 @@
-% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
-% Jan Michael Rynning <jmr@nada.kth.se> 1990-10-12
-\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
-\global\catcode`\^^a0=\active \global\let^^a0=~ % no-break space
-\global\catcode`\^^a1=\active \global\def^^a1{!`} % inverted exclamation mark
-\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}} % cent sign
-\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}} % pound sign
-% currency sign, yen sign, broken bar
-\global\catcode`\^^a7=\active \global\let^^a7=\S % section sign
-\global\catcode`\^^a8=\active \global\def^^a8{\"{}} % diaeresis
-\global\catcode`\^^a9=\active \global\let^^a9=\copyright % copyright sign
-% feminine ordinal indicator, left angle quotation mark
-\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
-\global\catcode`\^^ad=\active \global\let^^ad=\- % soft hyphen
-% registered trade mark sign
-\global\catcode`\^^af=\active \global\def^^af{\={}} % macron
-% ...
-\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm} % plus minus
-\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
-\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
-\global\catcode`\^^b4=\active \global\def^^b4{\'{}} % acute accent
-\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu} % mu
-\global\catcode`\^^b6=\active \global\let^^b6=\P % pilcroy
-\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
-\global\catcode`\^^b8=\active \global\def^^b8{\c{}} % cedilla
-\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
-% ...
-\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
-\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
-\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
-\global\catcode`\^^bf=\active \global\def^^bf{?`} % inverted question mark
-\global\catcode`\^^c0=\active \global\def^^c0{\`A}
-\global\catcode`\^^c1=\active \global\def^^c1{\'A}
-\global\catcode`\^^c2=\active \global\def^^c2{\^A}
-\global\catcode`\^^c3=\active \global\def^^c3{\~A}
-\global\catcode`\^^c4=\active \global\def^^c4{\"A} % capital a with diaeresis
-\global\catcode`\^^c5=\active \global\let^^c5=\AA % capital a with ring above
-\global\catcode`\^^c6=\active \global\let^^c6=\AE
-\global\catcode`\^^c7=\active \global\def^^c7{\c C}
-\global\catcode`\^^c8=\active \global\def^^c8{\`E}
-\global\catcode`\^^c9=\active \global\def^^c9{\'E}
-\global\catcode`\^^ca=\active \global\def^^ca{\^E}
-\global\catcode`\^^cb=\active \global\def^^cb{\"E}
-\global\catcode`\^^cc=\active \global\def^^cc{\`I}
-\global\catcode`\^^cd=\active \global\def^^cd{\'I}
-\global\catcode`\^^ce=\active \global\def^^ce{\^I}
-\global\catcode`\^^cf=\active \global\def^^cf{\"I}
-% capital eth
-\global\catcode`\^^d1=\active \global\def^^d1{\~N}
-\global\catcode`\^^d2=\active \global\def^^d2{\`O}
-\global\catcode`\^^d3=\active \global\def^^d3{\'O}
-\global\catcode`\^^d4=\active \global\def^^d4{\^O}
-\global\catcode`\^^d5=\active \global\def^^d5{\~O}
-\global\catcode`\^^d6=\active \global\def^^d6{\"O} % capital o with diaeresis
-\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
-\global\catcode`\^^d8=\active \global\let^^d8=\O
-\global\catcode`\^^d9=\active \global\def^^d9{\`U}
-\global\catcode`\^^da=\active \global\def^^da{\'U}
-\global\catcode`\^^db=\active \global\def^^db{\^U}
-\global\catcode`\^^dc=\active \global\def^^dc{\"U}
-\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
-% capital thorn
-\global\catcode`\^^df=\active \global\def^^df{\ss}
-\global\catcode`\^^e0=\active \global\def^^e0{\`a}
-\global\catcode`\^^e1=\active \global\def^^e1{\'a}
-\global\catcode`\^^e2=\active \global\def^^e2{\^a}
-\global\catcode`\^^e3=\active \global\def^^e3{\~a}
-\global\catcode`\^^e4=\active \global\def^^e4{\"a} % small a with diaeresis
-\global\catcode`\^^e5=\active \global\let^^e5=\aa % small a with ring above
-\global\catcode`\^^e6=\active \global\let^^e6=\ae
-\global\catcode`\^^e7=\active \global\def^^e7{\c c}
-\global\catcode`\^^e8=\active \global\def^^e8{\`e}
-\global\catcode`\^^e9=\active \global\def^^e9{\'e}
-\global\catcode`\^^ea=\active \global\def^^ea{\^e}
-\global\catcode`\^^eb=\active \global\def^^eb{\"e}
-\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
-\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
-\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
-\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
-% small eth
-\global\catcode`\^^f1=\active \global\def^^f1{\~n}
-\global\catcode`\^^f2=\active \global\def^^f2{\`o}
-\global\catcode`\^^f3=\active \global\def^^f3{\'o}
-\global\catcode`\^^f4=\active \global\def^^f4{\^o}
-\global\catcode`\^^f5=\active \global\def^^f5{\~o}
-\global\catcode`\^^f6=\active \global\def^^f6{\"o} % small o with diaeresis
-\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
-\global\catcode`\^^f8=\active \global\let^^f8=\o
-\global\catcode`\^^f9=\active \global\def^^f9{\`u}
-\global\catcode`\^^fa=\active \global\def^^fa{\'u}
-\global\catcode`\^^fb=\active \global\def^^fb{\^u}
-\global\catcode`\^^fc=\active \global\def^^fc{\"u}
-\global\catcode`\^^fd=\active \global\def^^fd{\'y}
-% capital thorn
-\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/kerberosIV/doc/otp.texi b/kerberosIV/doc/otp.texi
deleted file mode 100644
index 0a5929fa862..00000000000
--- a/kerberosIV/doc/otp.texi
+++ /dev/null
@@ -1,127 +0,0 @@
-@node One-Time Passwords, Resolving frequent problems, How to set up a realm, Top
-@chapter One-Time Passwords
-
-@cindex OTP
-@cindex One time passwords
-There is also support for using @dfn{one time passwords} (OTP) in this
-package. Specifically @code{login}, @code{ftpd}, and @code{popper} have
-support for using them.
-
-@menu
-* What are one time passwords?::
-* When to use one time passwords?::
-* Configuring OTPs::
-@end menu
-
-@node What are one time passwords?, When to use one time passwords?, One-Time Passwords, One-Time Passwords
-@comment node-name, next, previous, up
-@section What are one time passwords?
-
-One time passwords are, as the name implies, passwords that can only
-be used once. This means that even if someone is eavesdropping on the
-network, they will not be able to make use of the passwords they steal.
-
-The OTPs used in this package support @cite{RFC 1938}. This standard is
-also backwards compatible with the well-known S/Key. There are lots of
-programs for generating these on everything from HP 48's to Crays.
-@cindex S/Key
-
-@node When to use one time passwords?, Configuring OTPs, What are one time passwords?, One-Time Passwords
-@comment node-name, next, previous, up
-@section When to use one time passwords?
-
-Why would you want to use OTPs instead of Kerberos? The advantage of
-OTPs is that they don't require a computer to operate. You can print
-out a list of passwords and take with you, or you could use your
-calculator or hand-held computer to generate them.
-
-The downside is that they only protect you against passive attacks.
-Only the initial connection is authenticated. After that, anyone can
-eavesdrop on your session, so you should not send or view any sensitive
-data (e.g. passwords) over a OTP-initiated link. You are also
-vulnerable to active attacks where intruders try to take over your
-TCP-session and/or introduce data in the middle of it. In other words,
-they provide initial authentication, but neither integrity nor
-confidentiality.
-
-The OTPs are generated from the tuple (@var{seed}, @var{sequence
-number}, @var{pass-phrase}). The seed and the sequence number will be
-printed as part of the @dfn{challenge} and you will have to generate the
-corresponding password or pick it from a list.
-
-In conclusion, they are simple and can be used everywhere but don't
-protect against all threats that Kerberos does. Use them when you can't
-use Kerberos.
-
-@node Configuring OTPs, , When to use one time passwords?, One-Time Passwords
-@comment node-name, next, previous, up
-@section Configuring OTPs
-
-@heading Initializing
-
-To initialize your OTPs use the @code{otp} program. This program will
-write an entry in a local file on this host with your current password
-(in this case the 100th) and the corresponding seed (@samp{foobar}).
-@pindex otp
-
-@example
-@cartouche
-datan:>otp 100 foobar
-Pass-phrase: <pass-phrase>
-Verifying password Pass-phrase: <pass-phrase>
-@end cartouche
-@end example
-
-@heading Generating
-
-To print out a list of them there is a program called
-@code{otpprint}.
-@pindex otpprint
-
-@example
-@cartouche
-datan:>otpprint 100 foobar
-Pass-phrase: <pass-phrase>
-91: SLAM BUY SUP DUSK SKY BEST
-92: DEEM SIGH ROB RASH JUG MAT
-93: DUET FISK HERS AREA TOLL SUP
-94: WOW RAIN LEAK SARA MARK WING
-95: COG YELL MILK CART ABE BAWL
-96: GROW SILK GIST OMEN CAM ANNE
-97: JAG QUAD NUT BEAT BHOY MAGI
-98: ADAM USED GENE NIP EYE SIS
-99: MY SUNG HERO AT DASH RAKE
-100: CORN KNIT BOTH TOGO SOUL BOG
-@end cartouche
-@end example
-
-@heading Using the OTPs
-
-When you try to use one and have initialized a series of
-one-time passwords for yourself you will get a challenge with the
-algorithm being used, the sequence number, and the seed. Enter those in
-your generator or find the corresponding password in your list.
-
-@example
-@cartouche
-login: assar
-assar's [ otp-md5 99 foobar ] Password: <MY SUNG HERO AT DASH RAKE>
-@end cartouche
-@end example
-
-The sequence number of the password will start at one less that the
-number you gave to @code{otp} and decrease by one every time you use it.
-You should try to keep track of which should be the current one so that
-you can be assured that nobody has stolen some of your passwords and
-used them. When the number has reached zero you need to acquire a new
-series of passwords.
-
-Once you have initialized your series of passwords, you can always use
-them at any password prompt where you get the challenge as shown above.
-
-@heading Configuring servers
-
-@code{ftpd}, @code{telnetd}, and @code{popper} can be configured to
-require one-time passwords when the connection has not been kerberos
-authenticated. Check the man pages for these programs for the correct
-options.
diff --git a/kerberosIV/doc/problems.texi b/kerberosIV/doc/problems.texi
deleted file mode 100644
index a8c4d1e1475..00000000000
--- a/kerberosIV/doc/problems.texi
+++ /dev/null
@@ -1,131 +0,0 @@
-@node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top
-@chapter Resolving frequent problems
-
-@menu
-* Problems compiling Kerberos::
-* Common error messages::
-@end menu
-
-@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems
-@section Problems compiling Kerberos
-
-Many compilers require a switch to become ANSI compliant. Since kth-krb
-is written in ANSI C it is necessary to specify the name of the compiler
-to be used and the required switch to make it ANSI compliant. This is
-most easily done when running configure using the @kbd{env} command. For
-instance to build under HP-UX using the native compiler do:
-
-@cartouche
-@example
-datan$ env CC="cc -Ae" ./configure
-@end example
-@end cartouche
-
-In general @kbd{gcc} works. The following combinations have also been
-verified to successfully compile the distribution:
-
-@table @asis
-
-@item @samp{HP-UX}
-@kbd{cc -Ae}
-@item @samp{Digital UNIX}
-@kbd{cc -std1}
-@item @samp{AIX}
-@kbd{xlc}
-@item @samp{Solaris 2.x}
-@kbd{cc} (unbundled one)
-@item @samp{IRIX}
-@kbd{cc}
-
-@end table
-
-@node Common error messages, , Problems compiling Kerberos, Resolving frequent problems
-@section Common error messages
-
-These are some of the more obscure error messages you might encounter:
-
-@table @asis
-
-@item @samp{Time is out of bounds}
-
-The time on your machine differs from the time on either the kerberos
-server or the machine you are trying to login to. If it isn't obvious
-that this is the case, remember that all times are compared in UTC.
-
-On unix systems you usually can find out what the local time is by doing
-@code{telnet machine daytime}. This time (again, usually is the keyword)
-is with correction for time-zone and daylight savings.
-
-If you have problem keeping your clocks synchronized, consider using a
-time keeping system such as NTP (see also the discussion in
-@ref{Install the client programs}).
-
-@item @samp{Ticket issue date too far in the future}
-
-The time on the kerberos server is more than five minutes ahead of the
-time on the server.
-
-@item @samp{Can't decode authenticator}
-
-This means that there is a mismatch between the service key in the
-kerberos server and the service key file on the specific machine.
-Either:
-@itemize @bullet
-@item
-the server couldn't find a service key matching the request
-@item
-the service key (or version number) does not match the key the packet
-was encrypted with
-@end itemize
-
-@item @samp{Incorrect network address}
-
-The address in the ticket does not match the address you sent the
-request from. This happens on systems with more than one network
-address, either physically or logically. You can list addresses which
-should be considered equal in @file{/etc/kerberosIV/krb.equiv} on your servers.
-
-A note to programmers: a server should not pass @samp{*} as the instance
-to @samp{krb_rd_req}. It should try to figure out on which interface the
-request was received, for instance by using @samp{k_getsockinst}.
-
-If you change addresses on your computer you invalidate any tickets you
-might have. The easiest way to fix this is to get new tickets with the
-new address.
-
-@item @samp{Message integrity error}
-
-The packet is broken in some way:
-@itemize @bullet
-@item
-the lengths does not match the size of the packet, or
-@item
-the checksum does not match the contents of the packet
-@end itemize
-
-@item @samp{Can't send request}
-There is some problem contacting the kerberos server. Either the server
-is down, or it is using the wrong port (compare the entries for
-@samp{kerberos-iv} in @file{/etc/services}). The client might also have
-failed to guess what kerberos server to talk to (check
-@file{/etc/kerberosIV/krb.conf} and @file{/etc/kerberosIV/krb.realms}).
-
-@item @samp{kerberos: socket: Unable to open socket...}
-
-The kerberos server has to open four sockets for each interface. If you
-have a machine with lots of virtual interfaces, you run the risk of
-running out of file descriptors. If that happens you will get this
-error message.
-
-@item @samp{ftp: User foo access denied}
-
-This usually happens because the user's shell is not listed in
-@file{/etc/shells}. Note that @kbd{ftpd} checks this file even on
-systems where the system version does not and there is no
-@file{/etc/shells}.
-
-@item @samp{Generic kerberos error}
-This is a generic catch-all error message.
-
-@end table
-
diff --git a/kerberosIV/doc/setup.texi b/kerberosIV/doc/setup.texi
deleted file mode 100644
index eea758303c9..00000000000
--- a/kerberosIV/doc/setup.texi
+++ /dev/null
@@ -1,809 +0,0 @@
-@node How to set up a realm, One-Time Passwords, What is Kerberos?, Top
-@chapter How to set up a realm
-
-@quotation
-@flushleft
- Who willed you? or whose will stands but mine?
- There's none protector of the realm but I.
- Break up the gates, I'll be your warrantize.
- Shall I be flouted thus by dunghill grooms?
- --- King Henry VI, 6.1
-@end flushleft
-@end quotation
-
-@menu
-* How to set up the kerberos server::
-* Install the client programs::
-* Install the kerberised services::
-* Install a slave kerberos server::
-* Cross-realm functionality ::
-@end menu
-
-@node How to set up the kerberos server, Install the client programs, How to set up a realm, How to set up a realm
-@section How to set up the kerberos server
-
-@menu
-* Choose a realm name::
-* Choose a kerberos server::
-* Install the configuration files::
-* Install the /etc/services::
-* Install the kerberos server::
-* Set up the server::
-* Add a few important principals::
-* Start the server::
-* Try to get tickets::
-* Create initial ACL for the admin server::
-* Start the admin server::
-* Add users to the database::
-* Automate the startup of the servers::
-@end menu
-
-@node Choose a realm name, Choose a kerberos server, How to set up the kerberos server, How to set up the kerberos server
-@subsection Choose a realm name
-
-A
-@cindex realm
-realm is an administrative domain. Kerberos realms are usually
-written in uppercase and consist of a Internet domain
-name@footnote{Using lowercase characters in the realm name might break
-in mysterious ways. This really should have been fixed, but has not.}.
-Call your realm the same as your Internet domain name if you do not have
-strong reasons for not doing so. It will make life easier for you and
-everyone else.
-
-@node Choose a kerberos server, Install the configuration files, Choose a realm name, How to set up the kerberos server
-@subsection Choose a kerberos server
-
-You need to choose a machine to run the
-@pindex kerberos
-kerberos server program. If the kerberos database residing on this host
-is compromised, your entire realm will be compromised. Therefore, this
-machine must be as secure as possible. Preferably it should not run any
-services other than Kerberos. The secure-minded administrator might
-only allow logins on the console.
-
-This machine has also to be reliable. If it is down, you will not be
-able to use any kerberised services unless you have also configured a
-slave server (@pxref{Install a slave kerberos server})
-
-Running the kerberos server requires very little CPU power and a small
-amount of disk. An old PC with some hundreds of megabytes of free disk
-space should do fine. Most of the disk space will be used for various
-logs.
-
-@node Install the configuration files, Install the /etc/services, Choose a kerberos server, How to set up the kerberos server
-@subsection Install the configuration files
-
-There are two important configuration files: @file{/etc/kerberosIV/krb.conf} and
-@file{/etc/kerberosIV/krb.realms}.
-@pindex krb.conf
-@pindex krb.realms
-
-The @file{krb.conf} file determines which machines are servers for
-different realms. The format of this file is:
-
-@example
-THIS.REALM
-THIS.REALM kerberos.this.realm admin server
-THIS.REALM kerberos-1.this.realm
-ANOTHER.REALM kerberos.another.realm
-@end example
-
-The first line defines the name of the local realm. Line two defines the
-name of the master kerberos server and the database administration
-server for this realm. You can define any number of kerberos slave
-servers similar to the one defined in line three. The clients will try
-to contact the servers in the order they are defined in @file{krb.conf}.
-
-To disable kerberos on your system place a '#'-sign as the first character
-on the first line in @file{/etc/kerberosIV/krb.conf}. This will disable any
-kerberos authentication on your system.
-
-The @samp{admin server} clause at the first entry states that this is
-the master server
-@cindex master server
-(the one to contact when modifying the database, such as changing
-passwords). There should be only one such entry for each realm.
-
-In the original MIT Kerberos 4 (as in most others), the server
-specification could only take the form of a host-name. To facilitate
-having kerberos servers in odd places (such as behind a firewall),
-support has been added for ports other than the default (750), and
-protocols other than UDP.
-
-The formal syntax for an entry is now
-@samp{[@var{proto}/]@var{host}[:@var{port}]}. @var{proto} is either
-@samp{udp} or @samp{tcp}, and @var{port} is the port to talk to. Default
-value for @var{proto} is @samp{udp} and for @var{port} whatever
-@samp{kerberos-iv} is defined to be in @file{/etc/services} or 750 if
-undefined.
-
-You can also talk HTTP with your KDC, in that case you specify an URL,
-like @samp{http://@var{host}[:@var{port}]}. If you for some reason need
-to use a HTTP proxy, you can specify the proxy in the @samp{krb4_proxy}
-environment variable, also in URL format. The default for port in this
-case is 80.
-
-If the information about a realm is missing from the @file{krb.conf}
-file, or if the information is wrong, the following methods will be
-tried in order.
-
-@enumerate
-@item
-If you have an SRV-record (@cite{RFC 2052}) for your realm it will be
-used. This record should be of the form
-@samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is
-either @samp{udp} or @samp{tcp}. (Note: the current implementation does
-not look at priority or weight when deciding which server to talk to.)
-@item
-If there isn't any SRV-record, it tries to find a TXT-record for the
-same domain. The contents of the record should have the same format as the
-host specification in @file{krb.conf}. (Note: this is a temporary
-solution if your name server doesn't support SRV records. The clients
-should work fine with SRV records, so if your name server supports them,
-they are very much preferred.)
-@item
-If no valid kerberos server is found, it will try to talk udp to the
-service @samp{kerberos-iv} with fall-back to port 750 with
-@samp{kerberos.@var{REALM}} (which is also assumed to be the master
-server), and then @samp{kerberos-1.@var{REALM}},
-@samp{kerberos-2.@var{REALM}}, and so on.
-@end enumerate
-
-We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}}
-pointing to your kerberos master server.
-
-The @file{krb.realms} file is used to find out what realm a particular
-host belongs to. An example of this file could look like:
-
-@example
-this.realm THIS.REALM
-.this.realm THIS.REALM
-foo.com SOME.OTHER.REALM
-www.foo.com A.STRANGE.REALM
-.foo.com FOO.REALM
-@end example
-
-Entries starting with a dot are taken as the name of a domain. Entries
-not starting with a dot are taken as a host-name. The first entry matched
-is used. The entry for @samp{this.realm} is only necessary if there is a
-host named @samp{this.realm}.
-
-If no matching realm is found in @file{krb.realms}, DNS is searched for
-the correct realm. For example, if we are looking for host @samp{a.b.c},
-@samp{krb4-realm.a.b.c} is first tried and then @samp{krb4-realm.b.c}
-and so on. The entry should be a TXT record containing the name of the
-realm, such as:
-
-@example
-krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
-@end example
-
-If this didn't help the domain name sans the first part in uppercase is
-tried.
-
-The plain vanilla version of Kerberos doesn't have any fancy methods of
-getting realms and servers so it is generally a good idea to keep
-@file{krb.conf} and @file{krb.realms} up to date.
-
-@node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
-@subsection Updating /etc/services
-
-(Obsolete in OpenBSD)
-
-You should append or merge the contents of @file{services.append} to
-your @file{/etc/services} files or NIS-map. Remove any unused factory
-installed kerberos port definitions to avoid possible conflicts.
-@pindex services
-
-Most of the programs will fall back to the default ports if the port
-numbers are not found in @file{/etc/services}, but it is convenient to
-have them there anyway.
-
-@node Install the kerberos server, Set up the server, Install the /etc/services, How to set up the kerberos server
-@subsection Install the kerberos server
-
-You should have already chosen the machine where you want to run the
-kerberos server and the realm name. The machine should also be as
-secure as possible (@pxref{Choose a kerberos server}) before installing
-the kerberos server. In this example, we will install a kerberos server
-for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
-
-@node Set up the server, Add a few important principals, Install the kerberos server, How to set up the kerberos server
-@subsection Setup the server
-
-Login as root on the console of the kerberos server. Run
-@kbd{kdb_init}:
-@pindex kdb_init
-
-@example
-@cartouche
-hemlig# kdb_init
-Realm name [default FOO.SE ]:
-You will be prompted for the database Master Password.
-It is important that you NOT FORGET this password.
-
-Enter Kerberos master password:
-Verifying password
-Enter Kerberos master password:
-@end cartouche
-@end example
-
-If you have set up the configuration files correctly, @kbd{kdb_init}
-should choose the correct realm as the default, otherwise a (good) guess
-is made. Enter the master password.
-
-This password will only be used for encrypting the kerberos database on
-disk and for generating new random keys. You will not have to remember
-it, only to type it again when you run @kbd{kstash}. Choose something
-long and random. Now run @kbd{kstash} using the same password:
-@pindex kstash
-
-@example
-@cartouche
-hemlig# kstash
-
-Enter Kerberos master password:
-
-Current Kerberos master key version is 1.
-
-Master key entered. BEWARE!
-Wrote master key to /etc/kerberosIV/master_key
-@end cartouche
-@end example
-
-After entering the same master password it will be saved in the file
-@file{/etc/kerberosIV/master_key} and the kerberos server will read it when needed. Write down
-the master password and put it in a sealed envelope in a safe, you might
-need it if your disk crashes or should you want to set up a slave
-server.
-
-@code{kdb_init} initializes the database with a few entries:
-
-@table @samp
-@item krbtgt.@var{REALM}
-The key used for authenticating to the kerberos server.
-
-@item changepw.kerberos
-The key used for authenticating to the administrative server, i.e. when
-adding users, changing passwords, and so on.
-
-@item default
-This entry is copied to new items when these are added. Enter here the
-values you want new entries to have, particularly the expiry date.
-
-@item K.M
-This is the master key and it is only used to verify that the master key
-that is saved un-encrypted in @file{/etc/kerberosIV/master_key} is correct and corresponds to
-this database.
-
-@end table
-
-@code{kstash} only reads the master password and writes it to
-@file{/etc/kerberosIV/master_key}. This enables the kerberos server to start without you
-having to enter the master password. This file (@file{/etc/kerberosIV/master_key}) is only
-readable by root and resides on a ``secure'' machine.
-
-@node Add a few important principals, Start the server, Set up the server, How to set up the kerberos server
-@subsection Add a few important principals
-
-Now the kerberos database has been created, containing only a few
-principals. The next step is to add a few more so that you can test
-that it works properly and so that you can administer your realm without
-having to use the console on the kerberos server. Use @kbd{kdb_edit}
-to edit the kerberos database directly on the server.
-@pindex kdb_edit
-
-@code{kdb_edit} is intended as a bootstrapping and fall-back mechanism
-for editing the database. For normal purposes, use the @code{kadmin}
-program (@pxref{Add users to the database})
-
-The following example shows the adding of the principal
-@samp{nisse.admin} into the kerberos database. This principal is used
-by @samp{nisse} when administrating the kerberos database. Later on the
-normal principal for @samp{nisse} will be created. Replace @samp{nisse}
-and @samp{password} with your own username and password.
-
-@example
-@cartouche
-hemlig# kdb_edit -n
-Opening database...
-Current Kerberos master key version is 1.
-
-Master key entered. BEWARE!
-Previous or default values are in [brackets] ,
-enter return to leave the same, or new value.
-
-Principal name: <nisse>
-Instance: <admin>
-
-<Not found>, Create [y] ? <>
-
-Principal: nisse, Instance: admin, kdc_key_ver: 1
-New Password: <password>
-Verifying password
-New Password: <password>
-
-Principal's new key version = 1
-Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? <>
-Max ticket lifetime (*5 minutes) [ 255 ] ? <>
-Attributes [ 0 ] ? <>
-Edit O.K.
-Principal name: <>
-@end cartouche
-@end example
-
-@code{kdb_edit} will loop until you hit the @kbd{return} key at the
-``Principal name'' prompt. Now you have added nisse as an administrator.
-
-@node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server
-@subsection Start the server
-
-@pindex kerberos
-@example
-@cartouche
-hemlig# /usr/libexec/kerberos &
-Kerberos server starting
-Sleep forever on error
-Log file is /var/log/kerberos.log
-Current Kerberos master key version is 1.
-
-Master key entered. BEWARE!
-
-Current Kerberos master key version is 1
-Local realm: FOO.SE
-@end cartouche
-@end example
-
-@node Try to get tickets, Create initial ACL for the admin server, Start the server, How to set up the kerberos server
-@subsection Try to get tickets
-
-You can now verify that these principals have been added and that the
-server is working correctly.
-
-@pindex kinit
-@example
-@cartouche
-hemlig# kinit
-eBones International (hemlig.foo.se)
-Kerberos Initialization
-Kerberos name: <nisse.admin>
-Password: <password>
-@end cartouche
-@end example
-
-If you do not get any error message from @code{kinit}, then everything
-is working (otherwise, see @ref{Common error messages}). Use
-@code{klist} to verify the tickets you acquired with @code{kinit}:
-
-@pindex klist
-@example
-@cartouche
-hemlig# klist
-Ticket file: /tmp/tkt0
-Principal: nisse.admin@@FOO.SE
-
-Issued Expires Principal
-May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
-@end cartouche
-@end example
-
-@node Create initial ACL for the admin server, Start the admin server, Try to get tickets, How to set up the kerberos server
-@subsection Create initial ACL for the admin server
-
-The admin server, @code{kadmind}, uses a series of files to determine who has
-@pindex kadmind
-the right to perform certain operations. The files are:
-@file{admin_acl.add}, @file{admin_acl.get}, @file{admin_acl.del}, and
-@file{admin_acl.mod}. Create these with @samp{nisse.admin@@FOO.SE} as
-the contents.
-@pindex admin_acl.add
-@pindex admin_acl.get
-@pindex admin_acl.del
-@pindex admin_acl.mod
-
-@example
-@cartouche
-hemlig# echo "nisse.admin@@FOO.SE" >> /etc/kerberosIV/admin_acl.add
-hemlig# echo "nisse.admin@@FOO.SE" >> /etc/kerberosIV/admin_acl.get
-hemlig# echo "nisse.admin@@FOO.SE" >> /etc/kerberosIV/admin_acl.mod
-hemlig# echo "nisse.admin@@FOO.SE" >> /etc/kerberosIV/admin_acl.del
-@end cartouche
-@end example
-
-Later on you may wish to add more users with administration
-privileges. Make sure that you create both the administration principals
-and add them to the admin server ACL.
-
-@node Start the admin server, Add users to the database, Create initial ACL for the admin server, How to set up the kerberos server
-@subsection Start the admin server
-
-@pindex kadmind
-@example
-@cartouche
-hemlig# /usr/libexec/kadmind &
-KADM Server KADM0.0A initializing
-Please do not use 'kill -9' to kill this job, use a
-regular kill instead
-
-Current Kerberos master key version is 1.
-
-Master key entered. BEWARE!
-@end cartouche
-@end example
-
-@node Add users to the database, Automate the startup of the servers, Start the admin server, How to set up the kerberos server
-@subsection Add users to the database
-
-Use the @code{kadmin} client to add users to the database:
-@pindex kadmin
-
-@example
-@cartouche
-hemlig# kadmin -u nisse.admin -m
-Welcome to the Kerberos Administration Program, version 2
-Type "help" if you need it.
-admin: <add nisse>
-Admin password: <nisse.admin's password>
-Maximum ticket lifetime? (255) [Forever]
-Attributes? [0x00]
-Expiration date (enter yyyy-mm-dd) ? [Sat Jan 1 05:59:00 2000]
-Password for nisse:
-Verifying password Password for nisse:
-nisse added to database.
-@end cartouche
-@end example
-
-Add whatever other users you want to have in the same way. Verify that
-a user is in the database and check the database entry for that user:
-
-@example
-@cartouche
-admin: <get nisse>
-Info in Database for nisse.:
-Max Life: 255 (Forever) Exp Date: Sat Jan 1 05:59:59 2000
-
-Attribs: 00 key: 0 0
-admin: <^D>
-Cleaning up and exiting.
-@end cartouche
-@end example
-
-@node Automate the startup of the servers, , Add users to the database, How to set up the kerberos server
-@subsection Automate the startup of the servers
-
-Add the lines that were used to start the kerberos server and the
-admin server to your startup scripts (@file{/etc/rc} or similar).
-@pindex rc
-
-@node Install the client programs, Install the kerberised services, How to set up the kerberos server, How to set up a realm
-@section Install the client programs
-
-(Obsolete in OpenBSD)
-
-Making a machine a kerberos client only requires a few steps. First you
-might need to change the configuration files as with the kerberos
-server. (@xref{Install the configuration files}, and @pxref{Install the
-/etc/services}) Also you need to make the programs in
-@file{/usr/athena/bin} available. This can be done by adding the
-@file{/usr/athena/bin} directory to the users' paths, by making symbolic
-links, or even by copying the programs.
-
-You should also verify that the local time on the client is synchronised
-with the time on the kerberos server by some means. The maximum allowed
-time difference between the participating servers and a client is 5
-minutes.
-@cindex NTP.
-One good way to synchronize the time is NTP (Network Time Protocol), see
-@url{http://www.eecis.udel.edu/~ntp/}.
-
-If you need to run the client programs on a machine where you do not
-have root-access, you can hopefully just use the binaries and no
-configuration will be needed. The heuristics used are mentioned above
-(see @ref{Install the configuration files}). If this is not the case
-and you need to have @file{krb.conf} and/or @file{krb.realms}, you can
-copy them into a directory of your choice and
-@pindex krb.conf
-@pindex krb.realms
-set the environment variable @var{KRBCONFDIR} to point at this
-@cindex KRBCONFDIR
-directory.
-
-To test the client functionality, run the @code{kinit} program:
-
-@example
-@cartouche
-foo$ kinit
-eBones International (foo.foo.se)
-Kerberos Initialization
-Kerberos name: <nisse>
-Password: <password>
-
-foo$ klist
-Ticket file: /tmp/tkt4711
-Principal: nisse@@FOO.SE
-
-Issued Expires Principal
-May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
-@end cartouche
-@end example
-
-@node Install the kerberised services, Install a slave kerberos server, Install the client programs, How to set up a realm
-@section Install the kerberised services
-
-(Obsolete in OpenBSD)
-
-These includes @code{rsh}, @code{rlogin}, @code{telnet}, @code{ftp},
-@code{rxtelnet}, and so on.
-@pindex rsh
-@pindex rlogin
-@pindex telnet
-@pindex ftp
-@pindex rxtelnet
-
-First follow the steps mentioned in the prior section to make it a
-client and verify its operation. Change @file{inetd.conf} next to use
-the new daemons. Look at the file
-@pindex inetd.conf
-@file{etc/inetd.conf.changes} to see the changes that we recommend you
-perform on @file{inetd.conf}.
-
-You should at this point decide what services you want to run on
-each machine.
-
-@subsection rsh, rlogin, and rcp
-@pindex rsh
-@pindex rlogin
-@pindex rcp
-
-These exist in kerberised versions and ``old-style'' versions. The
-different versions use different port numbers, so you can choose none,
-one, or both. If you do not want to use ``old-style'' r* services, you
-can let the programs output the text ``Remote host requires Kerberos
-authentication'' instead of just refusing connections to that port.
-This is enabled with the @samp{-v} option. The kerberised services
-exist in encrypted and non-encrypted versions. The encrypted services
-have an ``e'' prepended to the name and the programs take @samp{-x} as an
-option indicating encryption.
-
-Our recommendation is to only use the kerberised services and give
-explanation messages for the old ports.
-
-@subsection telnet
-@pindex telnet
-
-The telnet service always uses the same port and negotiates as to which
-authentication method should be used. The @code{telnetd} program has
-@pindex telnetd
-an option ``-a user'' that only allows kerberised and authenticated
-connections. If this is not included, it falls back to using clear text
-passwords. For obvious reasons, we recommend that you enable this
-option. If you want to use one-time passwords (@pxref{One-Time
-Passwords}) you can use the ``-a otp'' option which will allow OTPs or
-kerberised connections.
-
-@subsection ftp
-@pindex ftp
-
-The ftp service works as telnet does, with just one port being used. By
-default only kerberos authenticated connections are allowed. You can
-specify additional levels that are thus allowed with these options:
-
-@table @asis
-@item @kbd{-a otp}
-Allow one-time passwords (@pxref{One-Time Passwords})
-@item @kbd{-a ftp}
-Allow anonymous login (as user ``ftp'' or ``anonymous'').
-@item @kbd{-a safe}
-The same as @kbd{-a ftp}, for backwards compatibility.
-@item @kbd{-a plain}
-Allow clear-text passwords.
-@item @kbd{-a none}
-The same as @kbd{-a ftp -a plain}.
-@item @kbd{-a user}
-A no-op, also there for backwards compatibility reasons.
-@end table
-
-When running anonymous ftp you should read the man page on @code{ftpd}
-which explains how to set it up.
-
-@subsection pop
-@pindex popper
-
-The Post Office Protocol (POP) is used to retrieve mail from the mail
-hub. The @code{popper} program implements the standard POP3 protocol
-and the kerberised KPOP. Use the @samp{-k} option to run the kerberos
-version of the protocol. This service should only be run on your mail
-hub.
-
-@subsection kx
-@pindex kx
-
-@code{kx} allows you to run X over a kerberos-authenticated and
-encrypted connection. This program is used by @code{rxtelnet},
-@code{tenletxr}, and @code{rxterm}.
-
-If you have some strange kind of operating system with X libraries that
-do not allow you to use unix-sockets, you need to specify the @samp{-t}
-@pindex kxd
-option to @code{kxd}. Otherwise it should be sufficient by adding the
-daemon in @file{inetd.conf}.
-
-@subsection kauth
-@pindex kauth
-
-This service allows you to create tickets on a remote host. To
-enable it just insert the corresponding line in @file{inetd.conf}.
-
-@section srvtabs
-@pindex srvtab
-
-In the same way every user needs to have a password registered with
-the kerberos server, every service needs to have a shared key with the
-kerberos server. The service keys are stored in a file, usually called
-@file{/etc/kerberosIV/srvtab}. This file should not be readable to anyone but
-root, in order to keep the key from being divulged. The name of this principal
-in the kerberos database is usually the service and the host. The key
-for the pop service is called @samp{pop.@var{hostname}}. The one for
-rsh/rlogin/telnet is named @samp{rcmd.@var{hostname}}. (rcmd comes from
-``remote command''). To create these keys you will use the the
-@code{ksrvutil} program. Perform the
-@pindex ksrvutil
-following:
-
-@example
-@cartouche
-bar# ksrvutil -p nisse.admin get
-Name [rcmd]: <>
-Instance [bar]: <>
-Realm [FOO.SE]: <>
-Is this correct? (y,n) [y] <>
-Add more keys? (y,n) [n] <>
-Password for nisse.admin@@FOO.SE: <nisse.admin's password>
-Written rcmd.bar
-rcmd.bar@@FOO.SE
-Old keyfile in /etc/srvtab.old.
-@end cartouche
-@end example
-
-@subsection Complete test of the kerberised services
-
-Obtain a ticket on one machine (@samp{foo}) and use it to login with a
-kerberised service to a second machine (@samp{bar}). The test should
-look like this if successful:
-
-@example
-@cartouche
-foo$ kinit nisse
-eBones International (foo.foo.se)
-Kerberos Initialization for "nisse"
-Password: <nisse's password>
-foo$ klist
-Ticket file: /tmp/tkt4711
-Principal: nisse@@FOO.SE
-
-Issued Expires Principal
-May 30 13:48:03 May 30 23:48:03 krbtgt.FOO.SE@@FOO.SE
-foo$ telnet bar
-Trying 17.17.17.17...
-Connected to bar.foo.se
-Escape character is '^]'.
-[ Trying mutual KERBEROS4 ... ]
-[ Kerberos V4 accepts you ]
-[ Kerberos V4 challenge successful ]
-bar$
-@end cartouche
-@end example
-
-You can also try with @code{rsh}, @code{rcp}, @code{rlogin},
-@code{rlogin -x}, and some other commands to see that everything is
-working all right.
-
-@node Install a slave kerberos server, Cross-realm functionality , Install the kerberised services, How to set up a realm
-@section Install a slave kerberos server
-
-It is desirable to have at least one backup (slave) server in case the
-master server fails. It is possible to have any number of such slave
-servers but more than three usually doesn't buy much more redundancy.
-
-First select a good server machine. @xref{Choose a kerberos
-server}. Since the master and slave servers will use copies of the same
-database, they need to use the same master key.
-
-On the master, add a @samp{rcmd.kerberos} principal (using
-@samp{ksrvutil get}). The
-@pindex kprop
-@code{kprop} program, running on the master, will use this when
-authenticating to the
-@pindex kpropd
-@code{kpropd} daemons running on the slave servers.
-
-On your master server, create a file, e.g. @file{/etc/kerberosIV/slaves},
-that contains the hostnames of your kerberos slave servers.
-
-Start @code{kpropd} with @samp{kpropd -i} on your slave servers.
-
-On your master server, create a dump of the database with @samp{kdb_util
-slave_dump /etc/kerberosIV/slave_dump}, and then run @code{kprop}.
-
-You should now have copies of the database on your slave servers. You
-can verify this by issuing @samp{kdb_util dump @var{file}} on your
-slave servers, and comparing with the original file on the master
-server. Note that the entries will not be in the same order.
-
-This procedure should be automated with a script run regularly by cron,
-for instance once an hour.
-
-To start the kerberos server on slaves, you first have to copy the
-master key from the master server. You can do this either by remembering
-the master password and issuing @samp{kstash}, or you can just copy the
-keyfile. Remember that if you copy the file, do so on a safe media, not
-over the network. Good means include floppy or paper. Paper is better,
-since it is easier to swallow afterwards.
-
-The kerberos server should be started with @samp{-s} on the slave
-servers. This enables sanity checks, for example checking the time since
-the last update from the master.
-
-All changes to the database are made by @code{kadmind} at the master,
-and then propagated to the slaves, so you should @strong{not} run
-@code{kadmind} on the slaves.
-
-Finally add the slave servers to
-@file{/etc/kerberosIV/krb.conf}. The clients will ask the servers in the order
-specified by that file.
-
-Consider adding CNAMEs to your slave servers, see @ref{Install the
-configuration files}.
-
-@node Cross-realm functionality , , Install a slave kerberos server, How to set up a realm
-@section Cross-realm functionality
-
-Suppose you are residing in the realm @samp{MY.REALM}, how do you
-authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
-@samp{MY.REALM} allows you to communicate with kerberised services in that
-realm. However, the computer in the other realm does not have a secret
-key shared with the kerberos server in your realm.
-
-It is possible to add a shared key between two realms that trust each
-other. When a client program, such as @code{telnet}, finds that the
-other computer is in a different realm, it will try to get a ticket
-granting ticket for that other realm, but from the local kerberos
-server. With that ticket granting ticket, it will then obtain service
-tickets from the kerberos server in the other realm.
-
-To add this functionality you have to add a principal to each realm. The
-principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and
-@samp{krbtgt.MY.REALM} in @samp{OTHER.REALM}. The two different
-principals should have the same key (and key version number). Remember
-to transfer this key in a safe manner. This is all that is required.
-
-@example
-@cartouche
-blubb$ klist
-Ticket file: /tmp/tkt3008
-Principal: joda@@NADA.KTH.SE
-
- Issued Expires Principal
-Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
-blubb$ telnet agat.e.kth.se
-Trying 130.237.48.12...
-Connected to agat.e.kth.se.
-Escape character is '^]'.
-[ Trying mutual KERBEROS4 ... ]
-[ Kerberos V4 accepts you ]
-[ Kerberos V4 challenge successful ]
-Last login: Sun Jun 2 20:51:50 from emma.pdc.kth.se
-
-agat$ exit
-Connection closed by foreign host.
-blubb$ klist
-Ticket file: /tmp/tkt3008
-Principal: joda@@NADA.KTH.SE
-
- Issued Expires Principal
-Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
-Jun 7 02:26:50 Jun 7 12:26:50 krbtgt.E.KTH.SE@@NADA.KTH.SE
-Jun 7 02:26:51 Jun 7 12:26:51 rcmd.agat@@E.KTH.SE
-@end cartouche
-@end example
diff --git a/kerberosIV/doc/whatis.texi b/kerberosIV/doc/whatis.texi
deleted file mode 100644
index eaf19aabb08..00000000000
--- a/kerberosIV/doc/whatis.texi
+++ /dev/null
@@ -1,137 +0,0 @@
-@node What is Kerberos?, How to set up a realm, Introduction, Top
-@chapter What is Kerberos?
-
-@quotation
-@flushleft
- Now this Cerberus had three heads of dogs,
- the tail of a dragon, and on his back the
- heads of all sorts of snakes.
- --- Pseudo-Apollodorus Library 2.5.12
-@end flushleft
-@end quotation
-
-Kerberos is a system for authenticating users and services on a network.
-It is built upon the assumption that the network is ``unsafe''. For
-example, data sent over the network can be eavesdropped and altered, and
-addresses can also be faked. Therefore they cannot be used for
-authentication purposes.
-@cindex authentication
-
-Kerberos is a trusted third-party service. That means that there is a
-third party (the kerberos server) that is trusted by all the entities on
-the network (users and services, usually called @dfn{principals}). All
-principals share a secret password (or key) with the kerberos server and
-this enables principals to verify that the messages from the kerberos
-server are authentic. Thus trusting the kerberos server, users and
-services can authenticate each other.
-
-@section Basic mechanism
-
-@ifinfo
-@macro sub{arg}
-<\arg\>
-@end macro
-@end ifinfo
-
-@tex
-@def@xsub#1{$_{#1}$}
-@global@let@sub=@xsub
-@end tex
-
-In Kerberos, principals use @dfn{tickets} to prove that they are who
-they claim to be. In the following example, @var{A} is the initiator of
-the authentication exchange, usually a user, and @var{B} is the service
-that @var{A} wishes to use.
-
-To obtain a ticket for a specific service, @var{A} sends a ticket
-request to the kerberos server. The request basically contains @var{A}'s
-and @var{B}'s names. The kerberos server checks that both @var{A} and
-@var{B} are valid principals.
-
-Having verified the validity of the principals, it creates a packet
-containing @var{A}'s and @var{B}'s names, @var{A}'s network address
-(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime
-of the ticket (@var{life}), and a secret @dfn{session key}
-@cindex session key
-(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key
-(@var{K@sub{B}}). The actual ticket (@var{T@sub{AB}}) looks like this:
-(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life},
-@var{K@sub{AB}}@}@var{K@sub{B}}).
-
-The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s
-name, the current time, the lifetime of the ticket, and the session key, all
-encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}},
-@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A}
-decrypts the reply and retains it for later use.
-
-@sp 1
-
-Before sending a message to @var{B}, @var{A} creates an authenticator
-consisting of @var{A}'s name, @var{A}'s address, the current time, and a
-``checksum'' chosen by @var{A}, all encrypted with the secret session
-key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}},
-@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket
-received from the kerberos server to @var{B}. Upon reception, @var{B}
-decrypts the ticket using @var{B}'s secret key. Since the ticket
-contains the session key that the authenticator was encrypted with,
-@var{B} can now also decrypt the authenticator. To verify that @var{A}
-really is @var{A}, @var{B} now has to compare the contents of the ticket
-with that of the authenticator. If everything matches, @var{B} now
-considers @var{A} as properly authenticated.
-
-@c (here we should have some more explanations)
-
-@section Different attacks
-
-@subheading Impersonating A
-
-An impostor, @var{C} could steal the authenticator and the ticket as it
-is transmitted across the network, and use them to impersonate
-@var{A}. The address in the ticket and the authenticator was added to
-make it more difficult to perform this attack. To succeed @var{C} will
-have to either use the same machine as @var{A} or fake the source
-addresses of the packets. By including the time stamp in the
-authenticator, @var{C} does not have much time in which to mount the
-attack.
-
-@subheading Impersonating B
-
-@var{C} can masquerade @var{B}'s network address, and when @var{A} sends
-her credentials, @var{C} just pretend to verify them. @var{C} can't
-be sure that she is talking to @var{A}.
-
-@section Defense strategies
-
-It would be possible to add a @dfn{replay cache}
-@cindex replay cache
-to the server side. The idea is to save the authenticators sent during
-the last few minutes, so that @var{B} can detect when someone is trying
-to retransmit an already used message. This is somewhat impractical
-(mostly regarding efficiency), and is not part of Kerberos 4; MIT
-Kerberos 5 contains it.
-
-To authenticate @var{B}, @var{A} might request that @var{B} sends
-something back that proves that @var{B} has access to the session
-key. An example of this is the checksum that @var{A} sent as part of the
-authenticator. One typical procedure is to add one to the checksum,
-encrypt it with the session key and send it back to @var{A}. This is
-called @dfn{mutual authentication}.
-
-The session key can also be used to add cryptographic checksums to the
-messages sent between @var{A} and @var{B} (known as @dfn{message
-integrity}). Encryption can also be added (@dfn{message
-confidentiality}). This is probably the best approach in all cases.
-@cindex integrity
-@cindex confidentiality
-
-@section Further reading
-
-The original paper on Kerberos from 1988 is @cite{Kerberos: An
-Authentication Service for Open Network Systems}, by Jennifer Steiner,
-Clifford Neuman and Jeffrey I. Schiller.
-
-A less technical description can be found in @cite{Designing an
-Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
-from 1988.
-
-These and several other documents can be found on our web-page.
diff --git a/kerberosIV/ext_srvtab/Makefile b/kerberosIV/ext_srvtab/Makefile
deleted file mode 100644
index 7ad3bd3464f..00000000000
--- a/kerberosIV/ext_srvtab/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:41 tholo Exp $
-
-PROG= ext_srvtab
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= ext_srvtab.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/ext_srvtab/ext_srvtab.8 b/kerberosIV/ext_srvtab/ext_srvtab.8
deleted file mode 100644
index 9e0a6fa7f5c..00000000000
--- a/kerberosIV/ext_srvtab/ext_srvtab.8
+++ /dev/null
@@ -1,85 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: ext_srvtab.8,v 1.4 1998/02/25 15:50:31 art Exp $
-.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ext_srvtab \- extract service key files from Kerberos key distribution center database
-.SH SYNOPSIS
-ext_srvtab [
-.B \-n
-] [
-.B \-r realm
-] [
-.B hostname ...
-]
-.SH DESCRIPTION
-.I ext_srvtab
-extracts service key files from the Kerberos key distribution center
-(KDC) database.
-.PP
-Upon execution, it prompts the user to enter the master key string for
-the database. If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-For each
-.I hostname
-specified on the command line,
-.I ext_srvtab
-creates the service key file
-.IR hostname -new-srvtab,
-containing all the entries in the database with an instance field of
-.I hostname.
-This new file contains all the keys registered for Kerberos-mediated
-service providing programs which use the
-.IR krb_get_phost (3)
-principal and instance conventions to run on the host
-.IR hostname .
-If the
-.B \-r
-option is specified, the realm fields in the extracted file will
-match the given realm rather than the local realm.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-.IR hostname -new-srvtab
-Service key file generated for
-.I hostname
-.TP
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-DBM files containing database
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
-.SH SEE ALSO
-read_service_key(3), krb_get_phost(3)
diff --git a/kerberosIV/ext_srvtab/ext_srvtab.c b/kerberosIV/ext_srvtab/ext_srvtab.c
deleted file mode 100644
index f9ff0d2bcea..00000000000
--- a/kerberosIV/ext_srvtab/ext_srvtab.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: ext_srvtab.c,v 1.5 1998/08/12 23:09:05 art Exp $ */
-/* $KTH: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-#include <sys/param.h>
-
-#include <adm_locl.h>
-#include <err.h>
-
-static des_cblock master_key;
-static des_cblock session_key;
-static des_key_schedule master_key_schedule;
-char progname[] = "ext_srvtab";
-static char realm[REALM_SZ];
-
-static void
-usage(void)
-{
- fprintf(stderr,
- "Usage: %s [-n] [-r realm] instance [instance ...]\n", progname);
- exit(1);
-}
-
-static void
-StampOutSecrets(void)
-{
- memset(master_key, 0, sizeof master_key);
- memset(session_key, 0, sizeof session_key);
- memset(master_key_schedule, 0, sizeof master_key_schedule);
-}
-
-static void
-FWrite(void *p, int size, int n, FILE *f)
-{
- if (fwrite(p, size, n, f) != n) {
- StampOutSecrets();
- errx(1, "Error writing output file. Terminating.\n");
- }
-}
-
-int
-main(int argc, char **argv)
-{
- FILE *fout;
- char fname[MAXPATHLEN];
- int fopen_errs = 0;
- int arg;
- Principal princs[40];
- int more;
- int prompt = KDB_GET_PROMPT;
- int n, i;
-
- memset(realm, 0, sizeof(realm));
-
- if (atexit(StampOutSecrets))
- errx(1, "Out of resources");
-
- /* Parse commandline arguments */
- if (argc < 2)
- usage();
- else {
- for (i = 1; i < argc; i++) {
- if (strcmp(argv[i], "-n") == 0)
- prompt = FALSE;
- else if (strcmp(argv[i], "-r") == 0) {
- if (++i >= argc)
- usage();
- else {
- strcpy(realm, argv[i]);
- /*
- * This is to humor the broken way commandline
- * argument parsing is done. Later, this
- * program ignores everything that starts with -.
- */
- argv[i][0] = '-';
- }
- }
- else if (argv[i][0] == '-')
- usage();
- else
- if (!k_isinst(argv[i])) {
- warnx("bad instance name: %s", argv[i]);
- usage();
- }
- }
- }
-
- if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0)
- errx (1, "Couldn't read master key.");
-
- if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0)
- exit(1);
-
- /* For each arg, search for instances of arg, and produce */
- /* srvtab file */
- if (!realm[0])
- if (krb_get_lrealm(realm, 1) != KSUCCESS) {
- StampOutSecrets();
- errx (1, "couldn't get local realm");
- }
- umask(077);
-
- for (arg = 1; arg < argc; arg++) {
- if (argv[arg][0] == '-')
- continue;
- snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]);
- if ((fout = fopen(fname, "w")) == NULL) {
- warn("Couldn't create file '%s'.", fname);
- fopen_errs++;
- continue;
- }
- printf("Generating '%s'....\n", fname);
- n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
- if (more)
- fprintf(stderr, "More than 40 found...\n");
- for (i = 0; i < n; i++) {
- FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
- FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
- 1, fout);
- FWrite(realm, strlen(realm) + 1, 1, fout);
- FWrite(&princs[i].key_version,
- sizeof(princs[i].key_version), 1, fout);
- copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key);
- kdb_encrypt_key (&session_key, &session_key,
- &master_key, master_key_schedule, DES_DECRYPT);
- FWrite(session_key, sizeof session_key, 1, fout);
- }
- fclose(fout);
- }
- StampOutSecrets();
- return fopen_errs; /* 0 errors if successful */
-}
diff --git a/kerberosIV/include/Makefile b/kerberosIV/include/Makefile
deleted file mode 100644
index 6f9af9462f2..00000000000
--- a/kerberosIV/include/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: Makefile,v 1.2 1996/11/16 21:52:36 downsj Exp $
-
-SUBDIR= kerberosIV
-
-.include <bsd.subdir.mk>
diff --git a/kerberosIV/include/adm_locl.h b/kerberosIV/include/adm_locl.h
deleted file mode 100644
index e67e3985246..00000000000
--- a/kerberosIV/include/adm_locl.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* $OpenBSD: adm_locl.h,v 1.5 1998/05/18 02:13:20 art Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-#ifndef __adm_locl_h
-#define __adm_locl_h
-
-#include <sys/cdefs.h>
-#include <kerberosIV/site.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <sys/types.h>
-
-#include <sys/time.h>
-#include <time.h>
-
-#include <unistd.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <errno.h>
-#include <err.h>
-
-#include <netinet/in.h>
-
-#include <des.h>
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-#include <kerberosIV/kadm.h>
-#include "kdc.h"
-
-#endif /* __adm_locl_h */
diff --git a/kerberosIV/include/kadm_locl.h b/kerberosIV/include/kadm_locl.h
deleted file mode 100644
index 3c48c57df21..00000000000
--- a/kerberosIV/include/kadm_locl.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/* $OpenBSD: kadm_locl.h,v 1.5 1998/02/18 11:53:33 art Exp $ */
-/* $KTH: kadm_locl.h,v 1.26 1997/09/02 18:13:26 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-
-#include <sys/types.h>
-
-#include <sys/time.h>
-#include <time.h>
-
-#include <sys/stat.h>
-#include <sys/select.h>
-#include <fcntl.h>
-
-#include <errno.h>
-#include <signal.h>
-#include <unistd.h>
-
-#include <sys/resource.h>
-#include <sys/wait.h>
-#include <pwd.h>
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-#include <syslog.h>
-
-#include <err.h>
-
-#include <com_err.h>
-#include <sl.h>
-
-#include <des.h>
-#include <kerberosIV/krb.h>
-#include <krb_err.h>
-#include <kerberosIV/krb_db.h>
-#include <kerberosIV/kadm.h>
-#include <kadm_err.h>
-#include <kerberosIV/acl.h>
-
-#include <krb_log.h>
-
-#include "kadm_server.h"
-#include "pw_check.h"
-
-/* from libacl */
-/* int acl_check(char *acl, char *principal); */
-
-/* GLOBALS */
-extern char *acldir;
-extern Kadm_Server server_parm;
-
-/* Utils */
-int kadm_change __P((char *, char *, char *, des_cblock));
-int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *));
-int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *));
-int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *));
-int kadm_delete_entry __P((char *, char *, char *, Kadm_vals *));
-int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_delete __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_init __P((int inter, char realm[]));
-int kadm_ser_in __P((u_char **, int *));
-
-int get_pw_new_pwd __P((char *pword, int pwlen, krb_principal *pr, int print_realm));
-
-/* cracklib */
-char *FascistCheck __P((char *password, char *path, char **strings));
diff --git a/kerberosIV/include/kadm_server.h b/kerberosIV/include/kadm_server.h
deleted file mode 100644
index 2b751489a30..00000000000
--- a/kerberosIV/include/kadm_server.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* $OpenBSD: kadm_server.h,v 1.4 1998/02/25 15:50:33 art Exp $ */
-/* $Id: kadm_server.h,v 1.4 1998/02/25 15:50:33 art Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Definitions for Kerberos administration server & client
- */
-
-#ifndef KADM_SERVER_DEFS
-#define KADM_SERVER_DEFS
-
-/*
- * kadm_server.h
- * Header file for the fourth attempt at an admin server
- * Doug Church, December 28, 1989, MIT Project Athena
- * ps. Yes that means this code belongs to athena etc...
- * as part of our ongoing attempt to copyright all greek names
- */
-
-#include <sys/types.h>
-#include <kerberosIV/krb.h>
-#include <des.h>
-
-typedef struct {
- struct sockaddr_in admin_addr;
- struct sockaddr_in recv_addr;
- int recv_addr_len;
- int admin_fd; /* our link to clients */
- char sname[ANAME_SZ];
- char sinst[INST_SZ];
- char krbrlm[REALM_SZ];
- des_cblock master_key;
- des_cblock session_key;
- des_key_schedule master_key_schedule;
- long master_key_version;
-} Kadm_Server;
-
-#endif /* KADM_SERVER_DEFS */
diff --git a/kerberosIV/include/kafs_locl.h b/kerberosIV/include/kafs_locl.h
deleted file mode 100644
index 08fe2eee051..00000000000
--- a/kerberosIV/include/kafs_locl.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: kafs_locl.h,v 1.3 1998/09/18 00:59:32 art Exp $ */
-/* $KTH: kafs_locl.h,v 1.7 1997/10/14 22:57:11 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __KAFS_LOCL_H__
-#define __KAFS_LOCL_H__
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/ioctl.h>
-#include <sys/filio.h>
-
-#include <sys/syscall.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include <netdb.h>
-
-#include <arpa/nameser.h>
-#include <resolv.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/kafs.h>
-
-struct kafs_data;
-typedef int (*afslog_uid_func_t)(struct kafs_data*, const char*, uid_t);
-
-typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*,
- const char*, CREDENTIALS*);
-
-typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
-
-typedef struct kafs_data {
- afslog_uid_func_t afslog_uid;
- get_cred_func_t get_cred;
- get_realm_func_t get_realm;
- void *data;
-} kafs_data;
-
-int _kafs_afslog_all_local_cells(kafs_data*, uid_t);
-
-int _kafs_get_cred(kafs_data*, const char*, const char*, const char *,
- CREDENTIALS*);
-
-#endif /* __KAFS_LOCL_H__ */
diff --git a/kerberosIV/include/kdc.h b/kerberosIV/include/kdc.h
deleted file mode 100644
index d5f5c14dee8..00000000000
--- a/kerberosIV/include/kdc.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: kdc.h,v 1.4 1998/02/25 15:50:34 art Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1987, 1988 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Include file for the Kerberos Key Distribution Center.
- */
-
-#ifndef KDC_DEFS
-#define KDC_DEFS
-
-#define S_AD_SZ sizeof(struct sockaddr_in)
-
-#define TRUE 1
-#define FALSE 0
-
-#define KRB_PROG "./kerberos"
-
-#define ONE_MINUTE 60
-#define FIVE_MINUTES (5 * ONE_MINUTE)
-#define ONE_HOUR (60 * ONE_MINUTE)
-#define ONE_DAY (24 * ONE_HOUR)
-#define THREE_DAYS (3 * ONE_DAY)
-
-#endif /* KDC_DEFS */
-
diff --git a/kerberosIV/include/kerberosIV/Makefile b/kerberosIV/include/kerberosIV/Makefile
deleted file mode 100644
index b2c3fb5ecac..00000000000
--- a/kerberosIV/include/kerberosIV/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-# $Id: Makefile,v 1.8 1998/11/28 23:47:17 art Exp $
-
-FILES= acl.h kadm.h kafs.h kparse.h krb.h krb_db.h krb-protos.h site.h prot.h
-NOOBJ= noobj
-
-all include clean cleandir depend lint tags:
-
-includes:
- install -d -o ${BINOWN} -g ${BINGRP} -m 755 ${DESTDIR}/usr/include/kerberosIV
- @echo installing ${FILES}
- @-for i in ${FILES}; do \
- cmp -s $$i ${DESTDIR}/usr/include/kerberosIV/$$i || \
- ${INSTALL} ${INSTALL_COPY} -m 444 $$i ${DESTDIR}/usr/include/kerberosIV/$$i; \
- done
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/include/kerberosIV/acl.h b/kerberosIV/include/kerberosIV/acl.h
deleted file mode 100644
index db54fd165ef..00000000000
--- a/kerberosIV/include/kerberosIV/acl.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* $OpenBSD: acl.h,v 1.5 1998/02/18 11:53:40 art Exp $ */
-/* $KTH: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __ACL_H
-#define __ACL_H
-
-void acl_canonicalize_principal __P((char *principal, char *canon));
-int acl_initialize __P((char *acl_file, int perm));
-int acl_exact_match __P((char *acl, char *principal));
-int acl_check __P((char *acl, char *principal));
-int acl_add __P((char *acl, char *principal));
-int acl_delete __P((char *acl, char *principal));
-
-#endif /* __ACL_H */
diff --git a/kerberosIV/include/kerberosIV/kadm.h b/kerberosIV/include/kerberosIV/kadm.h
deleted file mode 100644
index f56306bfd62..00000000000
--- a/kerberosIV/include/kerberosIV/kadm.h
+++ /dev/null
@@ -1,164 +0,0 @@
-/* $OpenBSD: kadm.h,v 1.5 1998/05/18 02:12:46 art Exp $ */
-/* $KTH: kadm.h,v 1.15 1998/04/23 22:17:52 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifndef KADM_DEFS
-#define KADM_DEFS
-
-/*
- * kadm.h
- * Header file for the fourth attempt at an admin server
- * Doug Church, December 28, 1989, MIT Project Athena
- */
-
-#include <kerberosIV/krb_db.h>
-
-/* The global structures for the client and server */
-typedef struct {
- struct sockaddr_in admin_addr;
- struct sockaddr_in my_addr;
- int my_addr_len;
- int admin_fd; /* file descriptor for link to admin server */
- char sname[ANAME_SZ]; /* the service name */
- char sinst[INST_SZ]; /* the services instance */
- char krbrlm[REALM_SZ];
-} Kadm_Client;
-
-typedef struct { /* status of the server, i.e the parameters */
- int inter; /* Space for command line flags */
- char *sysfile; /* filename of server */
-} admin_params; /* Well... it's the admin's parameters */
-
-/* Largest password length to be supported */
-#define MAX_KPW_LEN 128
-/* Minimum allowed password length */
-#define MIN_KPW_LEN 6
-
-/* Largest packet the admin server will ever allow itself to return */
-#define KADM_RET_MAX 2048
-
-/* That's right, versions are 8 byte strings */
-#define KADM_VERSTR "KADM0.0A"
-#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
- decrypt client's msg */
-#define KADM_VERSIZE strlen(KADM_VERSTR)
-
-/* the lookups for the server instances */
-#define PWSERV_NAME "changepw"
-#define KADM_SNAME "kerberos_master"
-#define KADM_PORT 751
-#define KADM_SINST "kerberos"
-
-/* Attributes fields constants and macros */
-#define ALLOC 2
-#define RESERVED 3
-#define DEALLOC 4
-#define DEACTIVATED 5
-#define ACTIVE 6
-
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ 4
-
-typedef struct {
- u_int8_t fields[FLDSZ]; /* The active fields in this struct */
- char name[ANAME_SZ];
- char instance[INST_SZ];
- u_int32_t key_low;
- u_int32_t key_high;
- u_int32_t exp_date;
- u_int16_t attributes;
- u_int8_t max_life;
-} Kadm_vals; /* The basic values structure in Kadm */
-
-/* Need to define fields types here */
-#define KADM_NAME 31
-#define KADM_INST 30
-#define KADM_EXPDATE 29
-#define KADM_ATTR 28
-#define KADM_MAXLIFE 27
-#define KADM_DESKEY 26
-
-/* To set a field entry f in a fields structure d */
-#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
-
-/* To set a field entry f in a fields structure d */
-#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
-
-/* Is field f in fields structure d */
-#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
-
-/* Various return codes */
-#define KADM_SUCCESS 0
-
-#define WILDCARD_STR "*"
-
-enum acl_types {
-ADDACL,
-GETACL,
-MODACL,
-STABACL, /* not used */
-DELACL
-};
-
-/* Various opcodes for the admin server's functions */
-#define CHANGE_PW 2
-#define ADD_ENT 3
-#define MOD_ENT 4
-#define GET_ENT 5
-#define CHECK_PW 6 /* not used */
-#define CHG_STAB 7 /* not used */
-#define DEL_ENT 8
-
-void prin_vals __P((Kadm_vals *));
-int stv_long __P((u_char *, u_int32_t *, int, int));
-int vts_long __P((u_int32_t, u_char **, int));
-int vts_string __P((char *, u_char **, int));
-int stv_string __P((u_char *, char *, int, int, int));
-
-int stream_to_vals __P((u_char *, Kadm_vals *, int));
-int vals_to_stream __P((Kadm_vals *, u_char **));
-
-int kadm_init_link __P((char *, char *, char *));
-int kadm_change_pw __P((unsigned char *));
-int kadm_change_pw_plain __P((unsigned char *, char *, char**));
-int kadm_change_pw2 __P((unsigned char *, char *, char**));
-int kadm_mod __P((Kadm_vals *, Kadm_vals *));
-int kadm_get __P((Kadm_vals *, u_char *));
-int kadm_add __P((Kadm_vals *));
-int kadm_del __P((Kadm_vals *));
-void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *));
-void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *));
-int kadm_check_pw __P((const char*));
-
-#endif /* KADM_DEFS */
diff --git a/kerberosIV/include/kerberosIV/kafs.h b/kerberosIV/include/kerberosIV/kafs.h
deleted file mode 100644
index f2cba1ed0d4..00000000000
--- a/kerberosIV/include/kerberosIV/kafs.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* $OpenBSD: kafs.h,v 1.9 1998/09/18 00:54:32 art Exp $ */
-/* $KTH: kafs.h,v 1.28 1998/04/26 18:20:09 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __KAFS_H
-#define __KAFS_H
-
-/* XXX must include krb5.h or krb.h */
-
-/* sys/ioctl.h must be included manually before kafs.h */
-
-#include <xfs/xfs_pioctl.h>
-
-/* Use k_hasafs() to probe if the machine supports AFS syscalls.
- The other functions will generate a SIGSYS if AFS is not supported */
-
-int k_hasafs __P((void));
-
-int krb_afslog __P((const char *cell, const char *realm));
-int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid));
-/* compat */
-#define k_afsklog krb_afslog
-#define k_afsklog_uid krb_afslog_uid
-
-int k_pioctl __P((char *a_path,
- int o_opcode,
- struct ViceIoctl *a_paramsP,
- int a_followSymlinks));
-int k_unlog __P((void));
-int k_setpag __P((void));
-int k_afs_cell_of_file __P((const char *path, char *cell, int len));
-
-/* XXX */
-#ifdef KFAILURE
-#define KRB_H_INCLUDED
-#endif
-
-#ifdef KRB5_RECVAUTH_IGNORE_VERSION
-#define KRB5_H_INCLUDED
-#endif
-
-#ifdef KRB_H_INCLUDED
-int kafs_settoken __P((const char*, uid_t, CREDENTIALS*));
-#endif
-
-#ifdef KRB5_H_INCLUDED
-krb5_error_code krb5_afslog_uid __P((krb5_context, krb5_ccache,
- const char*, krb5_const_realm, uid_t));
-krb5_error_code krb5_afslog __P((krb5_context, krb5_ccache,
- const char*, krb5_const_realm));
-#endif
-
-
-#define _PATH_VICE "/usr/vice/etc/"
-#define _PATH_THISCELL _PATH_VICE "ThisCell"
-#define _PATH_CELLSERVDB _PATH_VICE "CellServDB"
-#define _PATH_THESECELLS _PATH_VICE "TheseCells"
-
-#define _PATH_ARLA_VICE "/etc/afs/"
-#define _PATH_ARLA_THISCELL _PATH_ARLA_VICE "ThisCell"
-#define _PATH_ARLA_CELLSERVDB _PATH_ARLA_VICE "CellServDB"
-#define _PATH_ARLA_THESECELLS _PATH_ARLA_VICE "TheseCells"
-
-extern int _kafs_debug;
-
-#endif /* __KAFS_H */
diff --git a/kerberosIV/include/kerberosIV/kparse.h b/kerberosIV/include/kerberosIV/kparse.h
deleted file mode 100644
index 0a4fd8bdbd6..00000000000
--- a/kerberosIV/include/kerberosIV/kparse.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/* $OpenBSD: kparse.h,v 1.2 1998/02/18 11:53:41 art Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-/*
- * Include file for kparse routines.
- */
-
-#ifndef KPARSE_DEFS
-#define KPARSE_DEFS
-
-/*
- * values returned by fGetParameterSet()
- */
-
-#define PS_BAD_KEYWORD -2 /* unknown or duplicate keyword */
-#define PS_SYNTAX -1 /* syntax error */
-#define PS_OKAY 0 /* got a complete parameter set */
-#define PS_EOF 1 /* nothing more in the file */
-
-/*
- * values returned by fGetKeywordValue()
- */
-
-#define KV_SYNTAX -2 /* syntax error */
-#define KV_EOF -1 /* nothing more in the file */
-#define KV_OKAY 0 /* got a keyword/value pair */
-#define KV_EOL 1 /* nothing more on this line */
-
-/*
- * values returned by fGetToken()
- */
-
-#define GTOK_BAD_QSTRING -1 /* newline found in quoted string */
-#define GTOK_EOF 0 /* end of file encountered */
-#define GTOK_QSTRING 1 /* quoted string */
-#define GTOK_STRING 2 /* unquoted string */
-#define GTOK_NUMBER 3 /* one or more digits */
-#define GTOK_PUNK 4 /* punks are punctuation, newline,
- * etc. */
-#define GTOK_WHITE 5 /* one or more whitespace chars */
-
-/*
- * extended character classification macros
- */
-
-#define ISOCTAL(CH) ( (CH>='0') && (CH<='7') )
-#define ISQUOTE(CH) ( (CH=='\"') || (CH=='\'') || (CH=='`') )
-#define ISWHITESPACE(C) ( (C==' ') || (C=='\t') )
-#define ISLINEFEED(C) ( (C=='\n') || (C=='\r') || (C=='\f') )
-
-/*
- * tokens consist of any printable charcacter except comma, equal, or
- * whitespace
- */
-
-#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '='))
-
-/*
- * the parameter table defines the keywords that will be recognized by
- * fGetParameterSet, and their default values if not specified.
- */
-
-typedef struct {
- char *keyword;
- char *defvalue;
- char *value;
-} parmtable;
-
-#define PARMCOUNT(P) (sizeof(P)/sizeof(P[0]))
-
-extern int LineNbr; /* current line # in parameter file */
-
-extern char ErrorMsg[]; /*
- * meaningful only when KV_SYNTAX,
- * PS_SYNTAX, or PS_BAD_KEYWORD is
- * returned by fGetKeywordValue or
- * fGetParameterSet
- */
-
-#include <stdio.h>
-
-int fGetParameterSet __P((FILE *fp, parmtable *parm, int parmcount));
-int ParmCompare __P((parmtable *parm, int parmcount, char *keyword, char *value));
-void FreeParameterSet __P((parmtable *parm, int parmcount));
-int fGetKeywordValue __P((FILE *fp, char *keyword, int klen, char *value, int vlen));
-int fGetToken __P((FILE *fp, char *dest, int maxlen));
-int fGetLiteral __P((FILE *fp));
-int fUngetChar __P((int ch, FILE *fp));
-int fGetChar __P((FILE *fp));
-char * strsave __P((char *p));
-char * strutol __P((char *start));
-
-#endif /* KPARSE_DEFS */
diff --git a/kerberosIV/include/kerberosIV/krb-protos.h b/kerberosIV/include/kerberosIV/krb-protos.h
deleted file mode 100644
index 65866f461a9..00000000000
--- a/kerberosIV/include/kerberosIV/krb-protos.h
+++ /dev/null
@@ -1,741 +0,0 @@
-/* $OpenBSD: krb-protos.h,v 1.4 1998/07/07 19:07:53 art Exp $ */
-/* $KTH: krb-protos.h,v 1.7 1998/04/04 17:56:36 assar Exp $ */
-
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __krb_protos_h__
-#define __krb_protos_h__
-
-#include <stdarg.h>
-#include <time.h>
-#include <sys/time.h>
-
-#ifdef __GNUC__
-struct in_addr;
-struct sockaddr_in;
-#endif
-
-void
-afs_string_to_key __P((
- char *str,
- char *cell,
- des_cblock *key));
-
-int
-create_ciph __P((
- KTEXT c,
- unsigned char *session,
- char *service,
- char *instance,
- char *realm,
- u_int32_t life,
- int kvno,
- KTEXT tkt,
- u_int32_t kdc_time,
- des_cblock *key));
-
-void
-cr_err_reply __P((
- KTEXT pkt,
- char *pname,
- char *pinst,
- char *prealm,
- u_int32_t time_ws,
- u_int32_t e,
- char *e_string));
-
-int
-decomp_ticket __P((
- KTEXT tkt,
- unsigned char *flags,
- char *pname,
- char *pinstance,
- char *prealm,
- u_int32_t *paddress,
- unsigned char *session,
- int *life,
- u_int32_t *time_sec,
- char *sname,
- char *sinstance,
- des_cblock *key,
- des_key_schedule schedule));
-
-int
-dest_tkt __P((void));
-
-int
-get_ad_tkt __P((
- char *service,
- char *sinstance,
- char *realm,
- int lifetime));
-
-int
-getst __P((
- int fd,
- char *s,
- int n));
-
-int
-in_tkt __P((
- char *pname,
- char *pinst));
-
-int
-k_get_all_addrs __P((struct in_addr **l));
-
-int
-k_getportbyname __P((
- const char *service,
- const char *proto,
- int default_port));
-
-int
-k_getsockinst __P((
- int fd,
- char *inst,
- size_t inst_size));
-
-int
-k_isinst __P((char *s));
-
-int
-k_isname __P((char *s));
-
-int
-k_isrealm __P((char *s));
-
-struct tm *k_localtime __P((u_int32_t *tp));
-
-int
-kname_parse __P((
- char *np,
- char *ip,
- char *rp,
- char *fullname));
-
-int
-krb_atime_to_life __P((char *atime));
-
-int
-krb_check_auth __P((
- KTEXT packet,
- u_int32_t checksum,
- MSG_DAT *msg_data,
- des_cblock *session,
- struct des_ks_struct *schedule,
- struct sockaddr_in *laddr,
- struct sockaddr_in *faddr));
-
-int
-krb_check_tm __P((struct tm tm));
-
-KTEXT
-krb_create_death_packet __P((char *a_name));
-
-int
-krb_create_ticket __P((
- KTEXT tkt,
- unsigned char flags,
- char *pname,
- char *pinstance,
- char *prealm,
- int32_t paddress,
- void *session,
- int16_t life,
- int32_t time_sec,
- char *sname,
- char *sinstance,
- des_cblock *key));
-
-int
-krb_decode_as_rep __P((
- char *user,
- char *instance,
- char *realm,
- char *service,
- char *sinstance,
- key_proc_t key_proc,
- decrypt_proc_t decrypt_proc,
- void *arg,
- KTEXT as_rep,
- CREDENTIALS *cred));
-
-int
-krb_enable_debug __P((void));
-
-int
-krb_equiv __P((
- u_int32_t a,
- u_int32_t b));
-
-int
-krb_get_address __P((
- void *from,
- u_int32_t *to));
-
-int
-krb_get_admhst __P((
- char *host,
- char *realm,
- int nth));
-
-int
-krb_get_config_bool __P((const char *variable));
-
-const char *
-krb_get_config_string __P((const char *variable));
-
-int
-krb_get_cred __P((
- char *service,
- char *instance,
- char *realm,
- CREDENTIALS *c));
-
-int
-krb_get_default_principal __P((
- char *name,
- char *instance,
- char *realm));
-
-char *
-krb_get_default_realm __P((void));
-
-const char *
-krb_get_err_text __P((int code));
-
-struct krb_host*
-krb_get_host __P((
- int nth,
- char *realm,
- int admin));
-
-int
-krb_get_in_tkt __P((
- char *user,
- char *instance,
- char *realm,
- char *service,
- char *sinstance,
- int life,
- key_proc_t key_proc,
- decrypt_proc_t decrypt_proc,
- void *arg));
-
-int
-krb_get_int __P((
- void *f,
- u_int32_t *to,
- int size,
- int lsb));
-
-int
-krb_get_kdc_time_diff __P((void));
-
-int
-krb_get_krbconf __P((
- int num,
- char *buf,
- size_t len));
-
-int
-krb_get_krbextra __P((
- int num,
- char *buf,
- size_t len));
-
-int
-krb_get_krbhst __P((
- char *host,
- char *realm,
- int nth));
-
-int
-krb_get_krbrealms __P((
- int num,
- char *buf,
- size_t len));
-
-int
-krb_get_lrealm __P((
- char *r,
- int n));
-
-int
-krb_get_nir __P((
- void *from,
- char *name,
- char *instance,
- char *realm));
-
-char *
-krb_get_phost __P((const char *alias));
-
-int
-krb_get_pw_in_tkt __P((
- char *user,
- char *instance,
- char *realm,
- char *service,
- char *sinstance,
- int life,
- char *password));
-
-int
-krb_get_pw_in_tkt2 __P((
- char *user,
- char *instance,
- char *realm,
- char *service,
- char *sinstance,
- int life,
- char *password,
- des_cblock *key));
-
-int
-krb_get_string __P((
- void *from,
- char *to));
-
-int
-krb_get_svc_in_tkt __P((
- char *user,
- char *instance,
- char *realm,
- char *service,
- char *sinstance,
- int life,
- char *srvtab));
-
-int
-krb_get_tf_fullname __P((
- char *ticket_file,
- char *name,
- char *instance,
- char *realm));
-
-int
-krb_get_tf_realm __P((
- char *ticket_file,
- char *realm));
-
-void
-krb_kdctimeofday __P((struct timeval *tv));
-
-int
-krb_kntoln __P((
- AUTH_DAT *ad,
- char *lname));
-
-int
-krb_kuserok __P((
- char *name,
- char *instance,
- char *realm,
- char *luser));
-
-char *
-krb_life_to_atime __P((int life));
-
-u_int32_t
-krb_life_to_time __P((
- u_int32_t start,
- int life_));
-
-int
-krb_lsb_antinet_ulong_cmp __P((
- u_int32_t x,
- u_int32_t y));
-
-int
-krb_lsb_antinet_ushort_cmp __P((
- u_int16_t x,
- u_int16_t y));
-
-int
-krb_mk_as_req __P((
- char *user,
- char *instance,
- char *realm,
- char *service,
- char *sinstance,
- int life,
- KTEXT cip));
-
-int
-krb_mk_auth __P((
- int32_t options,
- KTEXT ticket,
- char *service,
- char *instance,
- char *realm,
- u_int32_t checksum,
- char *version,
- KTEXT buf));
-
-int32_t
-krb_mk_err __P((
- u_char *p,
- int32_t e,
- char *e_string));
-
-int32_t
-krb_mk_priv __P((
- void *in,
- void *out,
- u_int32_t length,
- struct des_ks_struct *schedule,
- des_cblock *key,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver));
-
-int
-krb_mk_req __P((
- KTEXT authent,
- char *service,
- char *instance,
- char *realm,
- int32_t checksum));
-
-int32_t
-krb_mk_safe __P((
- void *in,
- void *out,
- u_int32_t length,
- des_cblock *key,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver));
-
-int
-krb_net_read __P((
- int fd,
- void *v,
- size_t len));
-
-int
-krb_net_write __P((
- int fd,
- const void *v,
- size_t len));
-
-int
-krb_parse_name __P((
- const char *fullname,
- krb_principal *principal));
-
-int
-krb_put_address __P((
- u_int32_t addr,
- void *to));
-
-int
-krb_put_int __P((
- u_int32_t from,
- void *to,
- int size));
-
-int
-krb_put_nir __P((
- char *name,
- char *instance,
- char *realm,
- void *to));
-
-int
-krb_put_string __P((
- char *from,
- void *to));
-
-int
-krb_rd_err __P((
- u_char *in,
- u_int32_t in_length,
- int32_t *code,
- MSG_DAT *m_data));
-
-int32_t
-krb_rd_priv __P((
- void *in,
- u_int32_t in_length,
- struct des_ks_struct *schedule,
- des_cblock *key,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver,
- MSG_DAT *m_data));
-
-int
-krb_rd_req __P((
- KTEXT authent,
- char *service,
- char *instance,
- int32_t from_addr,
- AUTH_DAT *ad,
- char *fn));
-
-int32_t
-krb_rd_safe __P((
- void *in,
- u_int32_t in_length,
- des_cblock *key,
- struct sockaddr_in *sender,
- struct sockaddr_in *receiver,
- MSG_DAT *m_data));
-
-int
-krb_realm_parse __P((
- char *realm,
- int length));
-
-char *
-krb_realmofhost __P((const char *host));
-
-int
-krb_recvauth __P((
- int32_t options,
- int fd,
- KTEXT ticket,
- char *service,
- char *instance,
- struct sockaddr_in *faddr,
- struct sockaddr_in *laddr,
- AUTH_DAT *kdata,
- char *filename,
- struct des_ks_struct *schedule,
- char *version));
-
-int
-krb_sendauth __P((
- int32_t options,
- int fd,
- KTEXT ticket,
- char *service,
- char *instance,
- char *realm,
- u_int32_t checksum,
- MSG_DAT *msg_data,
- CREDENTIALS *cred,
- struct des_ks_struct *schedule,
- struct sockaddr_in *laddr,
- struct sockaddr_in *faddr,
- char *version));
-
-void
-krb_set_kdc_time_diff __P((int diff));
-
-int
-krb_set_key __P((
- void *key,
- int cvt));
-
-int
-krb_set_lifetime __P((int newval));
-
-void
-krb_set_tkt_string __P((const char *val));
-
-const char *
-krb_stime __P((time_t *t));
-
-int
-krb_time_to_life __P((
- u_int32_t start,
- u_int32_t end));
-
-char *
-krb_unparse_name __P((krb_principal *pr));
-
-char *
-krb_unparse_name_long __P((
- char *name,
- char *instance,
- char *realm));
-
-char *
-krb_unparse_name_long_r __P((
- char *name,
- char *instance,
- char *realm,
- char *fullname));
-
-char *
-krb_unparse_name_r __P((
- krb_principal *pr,
- char *fullname));
-
-int
-krb_use_admin_server __P((int flag));
-
-int
-krb_verify_user __P((
- char *name,
- char *instance,
- char *realm,
- char *password,
- int secure,
- char *linstance));
-
-int
-krb_verify_user_srvtab __P((
- char *name,
- char *instance,
- char *realm,
- char *password,
- int secure,
- char *linstance,
- char *srvtab));
-
-int
-kuserok __P((
- AUTH_DAT *auth,
- char *luser));
-
-u_int32_t
-lsb_time __P((
- time_t t,
- struct sockaddr_in *src,
- struct sockaddr_in *dst));
-
-const char *month_sname __P((int n));
-
-int
-passwd_to_5key __P((
- char *user,
- char *instance,
- char *realm,
- void *passwd,
- des_cblock *key));
-
-int
-passwd_to_afskey __P((
- char *user,
- char *instance,
- char *realm,
- void *passwd,
- des_cblock *key));
-
-int
-passwd_to_key __P((
- char *user,
- char *instance,
- char *realm,
- void *passwd,
- des_cblock *key));
-
-int
-read_service_key __P((
- char *service,
- char *instance,
- char *realm,
- int kvno,
- char *file,
- char *key));
-
-int
-save_credentials __P((
- char *service,
- char *instance,
- char *realm,
- unsigned char *session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- int32_t issue_date));
-
-int
-send_to_kdc __P((
- KTEXT pkt,
- KTEXT rpkt,
- char *realm));
-
-int
-srvtab_to_key __P((
- char *user,
- char *instance,
- char *realm,
- void *srvtab,
- des_cblock *key));
-
-void
-tf_close __P((void));
-
-int
-tf_create __P((char *tf_name));
-
-int
-tf_get_cred __P((CREDENTIALS *c));
-
-int
-tf_get_pinst __P((char *inst));
-
-int
-tf_get_pname __P((char *p));
-
-int
-tf_init __P((
- char *tf_name,
- int rw));
-
-int
-tf_put_pinst __P((char *inst));
-
-int
-tf_put_pname __P((char *p));
-
-int
-tf_save_cred __P((
- char *service,
- char *instance,
- char *realm,
- unsigned char *session,
- int lifetime,
- int kvno,
- KTEXT ticket,
- u_int32_t issue_date));
-
-int
-tf_setup __P((
- CREDENTIALS *cred,
- char *pname,
- char *pinst));
-
-char *
-tkt_string __P((void));
-
-#endif /* __krb_protos_h__ */
diff --git a/kerberosIV/include/kerberosIV/krb.h b/kerberosIV/include/kerberosIV/krb.h
deleted file mode 100644
index 2041cd26f91..00000000000
--- a/kerberosIV/include/kerberosIV/krb.h
+++ /dev/null
@@ -1,340 +0,0 @@
-/* $OpenBSD: krb.h,v 1.8 1998/05/18 02:12:43 art Exp $ */
-/* $KTH: krb.h,v 1.92 1998/05/13 18:57:32 assar Exp $ */
-
-/*
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-/*
- * Include file for the Kerberos library.
- */
-
-#include <sys/cdefs.h>
-#include <sys/types.h>
-
-#ifndef __KRB_H__
-#define __KRB_H__
-
-__BEGIN_DECLS
-
-/* Include site.h file to define paths */
-#include <kerberosIV/site.h>
-
-/* Need some defs from des.h */
-#include <des.h>
-
-/* CNS compatibility ahead! */
-#ifndef KRB_INT32
-#define KRB_INT32 int32_t
-#endif
-#ifndef KRB_UINT32
-#define KRB_UINT32 u_int32_t
-#endif
-
-/* Global library variables. */
-extern int krb_ignore_ip_address; /* To turn off IP address comparison */
-extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */
-extern int krbONE;
-#define HOST_BYTE_ORDER (* (char *) &krbONE)
-
-/* Debug variables */
-extern int krb_debug;
-extern int krb_ap_req_debug;
-extern int krb_dns_debug;
-
-/* Text describing error codes */
-#define MAX_KRB_ERRORS 256
-extern const char *krb_err_txt[MAX_KRB_ERRORS];
-
-/* General definitions */
-#define KSUCCESS 0
-#define KFAILURE 255
-
-/*
- * Kerberos specific definitions
- *
- * KRBLOG is the log file for the kerberos master server. KRB_CONF is
- * the configuration file where different host machines running master
- * and slave servers can be found. KRB_MASTER is the name of the
- * machine with the master database. The admin_server runs on this
- * machine, and all changes to the db (as opposed to read-only
- * requests, which can go to slaves) must go to it. KRB_HOST is the
- * default machine * when looking for a kerberos slave server. Other
- * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
- * the realm.
- */
-
-/* /etc/kerberosIV is only for backwards compatibility, don't use it! */
-#ifndef KRB_CONF
-#define KRB_CONF "/etc/krb.conf"
-#endif
-#ifndef KRB_RLM_TRANS
-#define KRB_RLM_TRANS "/etc/krb.realms"
-#endif
-#ifndef KRB_CNF_FILES
-#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0}
-#endif
-#ifndef KRB_RLM_FILES
-#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0}
-#endif
-#ifndef KRB_EQUIV
-#define KRB_EQUIV "/etc/krb.equiv"
-#endif
-#define KRB_MASTER "kerberos"
-#ifndef KRB_REALM
-#define KRB_REALM (krb_get_default_realm())
-#endif
-
-/* The maximum sizes for aname, realm, sname, and instance +1 */
-#define ANAME_SZ 40
-#define REALM_SZ 40
-#define SNAME_SZ 40
-#define INST_SZ 40
-/* Leave space for quoting */
-#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3)
-#define KKEY_SZ 100
-#define VERSION_SZ 1
-#define MSG_TYPE_SZ 1
-#define DATE_SZ 26 /* RTI date output */
-
-#define MAX_HSTNM 100 /* for compatibility */
-
-typedef struct krb_principal{
- char name[ANAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
-}krb_principal;
-
-#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
-/* default lifetime for krb_mk_req & co., 10 hrs */
-#define DEFAULT_TKT_LIFE 120
-#endif
-
-#define KRB_TICKET_GRANTING_TICKET "krbtgt"
-
-/* Definition of text structure used to pass text around */
-#define MAX_KTXT_LEN 1250
-
-struct ktext {
- unsigned int length; /* Length of the text */
- unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
- u_int32_t mbz; /* zero to catch runaway strings */
-};
-
-typedef struct ktext *KTEXT;
-typedef struct ktext KTEXT_ST;
-
-
-/* Definitions for send_to_kdc */
-#define CLIENT_KRB_TIMEOUT 4 /* time between retries */
-#define CLIENT_KRB_RETRY 5 /* retry this many times */
-#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */
-
-/* Definitions for ticket file utilities */
-#define R_TKT_FIL 0
-#define W_TKT_FIL 1
-
-/* Parameters for rd_ap_req */
-/* Maximum alloable clock skew in seconds */
-#define CLOCK_SKEW 5*60
-/* Filename for readservkey */
-#ifndef KEYFILE
-#define KEYFILE "/etc/srvtab"
-#endif
-
-/* Structure definition for rd_ap_req */
-
-struct auth_dat {
- unsigned char k_flags; /* Flags from ticket */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* His Instance */
- char prealm[REALM_SZ]; /* His Realm */
- u_int32_t checksum; /* Data checksum (opt) */
- des_cblock session; /* Session Key */
- int life; /* Life of ticket */
- u_int32_t time_sec; /* Time ticket issued */
- u_int32_t address; /* Address in ticket */
- KTEXT_ST reply; /* Auth reply (opt) */
-};
-
-typedef struct auth_dat AUTH_DAT;
-
-/* Structure definition for credentials returned by get_cred */
-
-struct credentials {
- char service[ANAME_SZ]; /* Service name */
- char instance[INST_SZ]; /* Instance */
- char realm[REALM_SZ]; /* Auth domain */
- des_cblock session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- KTEXT_ST ticket_st; /* The ticket itself */
- int32_t issue_date; /* The issue time */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* Principal's instance */
-};
-
-typedef struct credentials CREDENTIALS;
-
-/* Structure definition for rd_private_msg and rd_safe_msg */
-
-struct msg_dat {
- unsigned char *app_data; /* pointer to appl data */
- u_int32_t app_length; /* length of appl data */
- u_int32_t hash; /* hash to lookup replay */
- int swap; /* swap bytes? */
- int32_t time_sec; /* msg timestamp seconds */
- unsigned char time_5ms; /* msg timestamp 5ms units */
-};
-
-typedef struct msg_dat MSG_DAT;
-
-struct krb_host {
- char *realm;
- char *host;
- enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto;
- int port;
- int admin;
-};
-
-/* Location of ticket file for save_cred and get_cred */
-#define TKT_FILE tkt_string()
-#define TKT_ROOT "/tmp/tkt"
-
-/* Error codes returned from the KDC */
-#define KDC_OK 0 /* Request OK */
-#define KDC_NAME_EXP 1 /* Principal expired */
-#define KDC_SERVICE_EXP 2 /* Service expired */
-#define KDC_AUTH_EXP 3 /* Auth expired */
-#define KDC_PKT_VER 4 /* Protocol version unknown */
-#define KDC_P_MKEY_VER 5 /* Wrong master key version */
-#define KDC_S_MKEY_VER 6 /* Wrong master key version */
-#define KDC_BYTE_ORDER 7 /* Byte order unknown */
-#define KDC_PR_UNKNOWN 8 /* Principal unknown */
-#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
-#define KDC_NULL_KEY 10 /* Principal has null key */
-#define KDC_GEN_ERR 20 /* Generic error from KDC */
-
-
-/* Values returned by get_credentials */
-#define GC_OK 0 /* Retrieve OK */
-#define RET_OK 0 /* Retrieve OK */
-#define GC_TKFIL 21 /* Can't read ticket file */
-#define RET_TKFIL 21 /* Can't read ticket file */
-#define GC_NOTKT 22 /* Can't find ticket or TGT */
-#define RET_NOTKT 22 /* Can't find ticket or TGT */
-
-
-/* Values returned by mk_ap_req */
-#define MK_AP_OK 0 /* Success */
-#define MK_AP_TGTEXP 26 /* TGT Expired */
-
-/* Values returned by rd_ap_req */
-#define RD_AP_OK 0 /* Request authentic */
-#define RD_AP_UNDEC 31 /* Can't decode authenticator */
-#define RD_AP_EXP 32 /* Ticket expired */
-#define RD_AP_NYV 33 /* Ticket not yet valid */
-#define RD_AP_REPEAT 34 /* Repeated request */
-#define RD_AP_NOT_US 35 /* The ticket isn't for us */
-#define RD_AP_INCON 36 /* Request is inconsistent */
-#define RD_AP_TIME 37 /* delta_t too big */
-#define RD_AP_BADD 38 /* Incorrect net address */
-#define RD_AP_VERSION 39 /* protocol version mismatch */
-#define RD_AP_MSG_TYPE 40 /* invalid msg type */
-#define RD_AP_MODIFIED 41 /* message stream modified */
-#define RD_AP_ORDER 42 /* message out of order */
-#define RD_AP_UNAUTHOR 43 /* unauthorized request */
-
-/* Values returned by get_pw_tkt */
-#define GT_PW_OK 0 /* Got password changing tkt */
-#define GT_PW_NULL 51 /* Current PW is null */
-#define GT_PW_BADPW 52 /* Incorrect current password */
-#define GT_PW_PROT 53 /* Protocol Error */
-#define GT_PW_KDCERR 54 /* Error returned by KDC */
-#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
-
-
-/* Values returned by send_to_kdc */
-#define SKDC_OK 0 /* Response received */
-#define SKDC_RETRY 56 /* Retry count exceeded */
-#define SKDC_CANT 57 /* Can't send request */
-
-/*
- * Values returned by get_intkt
- * (can also return SKDC_* and KDC errors)
- */
-
-#define INTK_OK 0 /* Ticket obtained */
-#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
-#define INTK_BADPW 62 /* Incorrect password */
-#define INTK_PROT 63 /* Protocol Error */
-#define INTK_ERR 70 /* Other error */
-
-/* Values returned by get_adtkt */
-#define AD_OK 0 /* Ticket Obtained */
-#define AD_NOTGT 71 /* Don't have tgt */
-#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */
-
-/* Error codes returned by ticket file utilities */
-#define NO_TKT_FIL 76 /* No ticket file found */
-#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
-#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
-#define TKT_FIL_FMT 79 /* Bad ticket file format */
-#define TKT_FIL_INI 80 /* tf_init not called first */
-
-/* Error code returned by kparse_name */
-#define KNAME_FMT 81 /* Bad Kerberos name format */
-
-/* Error code returned by krb_mk_safe */
-#define SAFE_PRIV_ERROR -1 /* syscall error */
-
-/* Defines for krb_sendauth and krb_recvauth */
-
-#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */
-#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */
-
-#define KOPT_DONT_CANON 0x00000004 /*
- * don't canonicalize inst as
- * a hostname
- */
-
-#define KOPT_IGNORE_PROTOCOL 0x0008
-
-#define KRB_SENDAUTH_VLEN 8 /* length for version strings */
-
-
-/* File locking */
-#define K_LOCK_SH 1 /* Shared lock */
-#define K_LOCK_EX 2 /* Exclusive lock */
-#define K_LOCK_NB 4 /* Don't block when locking */
-#define K_LOCK_UN 8 /* Unlock */
-
-extern char *krb4_version;
-
-typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*));
-
-typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*,
- key_proc_t, KTEXT*));
-
-#include <kerberosIV/krb-protos.h>
-
-/* This shouldn't be here */
-
-char *strtok_r __P((char *s1, const char *s2, char **lasts));
-
-__END_DECLS
-
-#endif /* __KRB_H__ */
diff --git a/kerberosIV/include/kerberosIV/krb_db.h b/kerberosIV/include/kerberosIV/krb_db.h
deleted file mode 100644
index 7176ab38fb9..00000000000
--- a/kerberosIV/include/kerberosIV/krb_db.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/* $OpenBSD: krb_db.h,v 1.4 1998/02/25 15:50:42 art Exp $ */
-/* $KTH: krb_db.h,v 1.15 1996/12/17 20:34:32 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1987, 1988 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * spm Project Athena 8/85
- *
- * This file defines data structures for the kerberos
- * authentication/authorization database.
- *
- * They MUST correspond to those defined in *.rel
- */
-
-#ifndef KRB_DB_DEFS
-#define KRB_DB_DEFS
-
-#include <stdio.h>
-
-#define KERB_M_NAME "K" /* Kerberos */
-#define KERB_M_INST "M" /* Master */
-#define KERB_DEFAULT_NAME "default"
-#define KERB_DEFAULT_INST ""
-#ifndef DB_DIR
-#define DB_DIR "/var/kerberos"
-#endif
-#ifndef DBM_FILE
-#define DBM_FILE DB_DIR "/principal"
-#endif
-
-/* this also defines the number of queue headers */
-#define KERB_DB_HASH_MODULO 64
-
-
-/* Arguments to kerb_dbl_lock() */
-
-#define KERB_DBL_EXCLUSIVE 1
-#define KERB_DBL_SHARED 0
-
-/* arguments to kerb_db_set_lockmode() */
-
-#define KERB_DBL_BLOCKING 0
-#define KERB_DBL_NONBLOCKING 1
-
-/* arguments to kdb_get_master_key */
-
-#define KDB_GET_PROMPT 1
-#define KDB_GET_TWICE 2
-
-/* Principal defines the structure of a principal's name */
-
-typedef struct {
- char name[ANAME_SZ];
- char instance[INST_SZ];
-
- u_int32_t key_low;
- u_int32_t key_high;
- u_int32_t exp_date;
- char exp_date_txt[DATE_SZ];
- u_int32_t mod_date;
- char mod_date_txt[DATE_SZ];
- u_int16_t attributes;
- u_int8_t max_life;
- u_int8_t kdc_key_ver;
- u_int8_t key_version;
-
- char mod_name[ANAME_SZ];
- char mod_instance[INST_SZ];
- char *old; /* cast to (Principal *); not in db,
- * ptr to old vals */
-} Principal;
-
-typedef struct {
- int32_t cpu;
- int32_t elapsed;
- int32_t dio;
- int32_t pfault;
- int32_t t_stamp;
- int32_t n_retrieve;
- int32_t n_replace;
- int32_t n_append;
- int32_t n_get_stat;
- int32_t n_put_stat;
-} DB_stat;
-
-/* Dba defines the structure of a database administrator */
-
-typedef struct {
- char name[ANAME_SZ];
- char instance[INST_SZ];
- u_int16_t attributes;
- u_int32_t exp_date;
- char exp_date_txt[DATE_SZ];
- char *old; /*
- * cast to (Dba *); not in db, ptr to
- * old vals
- */
-} Dba;
-
-typedef int (*k_iter_proc_t)(void*, Principal*);
-
-void copy_from_key __P((des_cblock in, u_int32_t *lo, u_int32_t *hi));
-void copy_to_key __P((u_int32_t *lo, u_int32_t *hi, des_cblock out));
-
-void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *,
- des_key_schedule, int));
-int kdb_get_master_key __P((int prompt, des_cblock *master_key,
- des_key_schedule master_key_sched));
-int kdb_get_new_master_key __P((des_cblock *, des_key_schedule, int));
-int kdb_kstash __P((des_cblock *, char *));
-int kdb_new_get_master_key __P((des_cblock *, des_key_schedule));
-int kdb_new_get_new_master_key __P((des_cblock *key, des_key_schedule schedule, int verify));
-long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *));
-long *kerb_db_begin_update __P((void));
-int kerb_db_create __P((char *db_name));
-int kerb_db_delete_principal (char *name, char *inst);
-void kerb_db_end_update __P((long *db));
-int kerb_db_get_dba __P((char *, char *, Dba *, unsigned, int *));
-void kerb_db_get_stat __P((DB_stat *));
-int kerb_db_iterate __P((k_iter_proc_t, void*));
-int kerb_db_put_principal __P((Principal *, unsigned int));
-void kerb_db_put_stat __P((DB_stat *));
-int kerb_db_rename __P((char *, char *));
-int kerb_db_set_lockmode __P((int));
-int kerb_db_set_name __P((char *));
-int kerb_db_update __P((long *db, Principal *principal, unsigned int max));
-int kerb_delete_principal __P((char *name, char *inst));
-void kerb_fini __P((void));
-int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *));
-time_t kerb_get_db_age __P((void));
-int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *));
-int kerb_init __P((void));
-int kerb_put_principal __P((Principal *, unsigned int));
-
-#endif /* KRB_DB_DEFS */
diff --git a/kerberosIV/include/kerberosIV/prot.h b/kerberosIV/include/kerberosIV/prot.h
deleted file mode 100644
index c6e73927a03..00000000000
--- a/kerberosIV/include/kerberosIV/prot.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* $OpenBSD: prot.h,v 1.1 1998/11/28 23:41:01 art Exp $ */
-/* $KTH: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifndef PROT_DEFS
-#define PROT_DEFS
-
-#define KRB_SERVICE "kerberos-iv"
-#define KRB_PORT 750 /* PC's don't have
- * /etc/services */
-#define KRB_PROT_VERSION 4
-#define MAX_PKT_LEN 1000
-#define MAX_TXT_LEN 1000
-
-/* Routines to create and read packets may be found in prot.c */
-
-KTEXT create_auth_reply(char *pname, char *pinst, char *prealm,
- int32_t time_ws, int n, u_int32_t x_date,
- int kvno, KTEXT cipher);
-#ifdef DEBUG
-KTEXT krb_create_death_packet(char *a_name);
-#endif
-
-/* Message types , always leave lsb for byte order */
-
-#define AUTH_MSG_KDC_REQUEST (1<<1)
-#define AUTH_MSG_KDC_REPLY (2<<1)
-#define AUTH_MSG_APPL_REQUEST (3<<1)
-#define AUTH_MSG_APPL_REQUEST_MUTUAL (4<<1)
-#define AUTH_MSG_ERR_REPLY (5<<1)
-#define AUTH_MSG_PRIVATE (6<<1)
-#define AUTH_MSG_SAFE (7<<1)
-#define AUTH_MSG_APPL_ERR (8<<1)
-#define AUTH_MSG_KDC_FORWARD (9<<1)
-#define AUTH_MSG_KDC_RENEW (10<<1)
-#define AUTH_MSG_DIE (63<<1)
-
-/* values for kerb error codes */
-
-#define KERB_ERR_OK 0
-#define KERB_ERR_NAME_EXP 1
-#define KERB_ERR_SERVICE_EXP 2
-#define KERB_ERR_AUTH_EXP 3
-#define KERB_ERR_PKT_VER 4
-#define KERB_ERR_NAME_MAST_KEY_VER 5
-#define KERB_ERR_SERV_MAST_KEY_VER 6
-#define KERB_ERR_BYTE_ORDER 7
-#define KERB_ERR_PRINCIPAL_UNKNOWN 8
-#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
-#define KERB_ERR_NULL_KEY 10
-#define KERB_ERR_TIMEOUT 11
-
-/* sendauth - recvauth */
-
-/*
- * If the protocol changes, you will need to change the version string
- * be sure to support old versions of krb_sendauth!
- */
-
-#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */
-
-#endif /* PROT_DEFS */
diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h
deleted file mode 100644
index 31235f4ae86..00000000000
--- a/kerberosIV/include/kerberosIV/site.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* $OpenBSD: site.h,v 1.5 1999/08/20 11:00:32 art Exp $ */
-
-/*
- * Site-specific definitions.
- */
-
-#ifndef SITE_H
-#define SITE_H
-
-/*
- * Location of common files.
- */
-#define KRB_CONF "/etc/kerberosIV/krb.conf"
-#define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms"
-#define KRB_ACL "/etc/kerberosIV/kerberos.acl"
-#define MKEYFILE "/etc/kerberosIV/master_key"
-#define KEYFILE "/etc/kerberosIV/srvtab"
-#define DBM_FILE "/etc/kerberosIV/principal"
-
-#define K_LOGFIL "/var/log/kpropd.log"
-#define KS_LOGFIL "/var/log/kerberos_slave.log"
-#define KRBLOG "/var/log/kerberos.log" /* master server */
-#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* master (?) server */
-
-/* from: kadm_server.h */
-/* the default syslog file */
-#define KADM_SYSLOG "/var/log/admin_server.log"
-
-/* used by kdb_init.c */
-/* The default expire time for principals created by kadmind */
-/* The time "1104555599" gives a date of: Sat Jan 1 04:59:59 2005 */
-#define KDBINIT_EXPDATE 1104555599
-#define KDBINIT_EXPDATE_TXT "12/31/04"
-
-#define DEFAULT_ACL_DIR "/etc/kerberosIV/"
-/* These get appended to DEFAULT_ACL_DIR */
-#define ADD_ACL_FILE "admin_acl.add"
-#define GET_ACL_FILE "admin_acl.get"
-#define MOD_ACL_FILE "admin_acl.mod"
-#define DEL_ACL_FILE "admin_acl.del"
-
-/*
- * Set ORGANIZATION to be the desired organization string printed
- * by the 'kinit' program. It may have spaces.
- */
-#define ORGANIZATION "The OpenBSD Project"
-
-#endif
diff --git a/kerberosIV/include/klog.h b/kerberosIV/include/klog.h
deleted file mode 100644
index a531152a603..00000000000
--- a/kerberosIV/include/klog.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* $OpenBSD: klog.h,v 1.4 1998/02/25 15:50:36 art Exp $ */
-/* $KTH: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * This file defines the types of log messages logged by klog. Each
- * type of message may be selectively turned on or off.
- */
-
-#ifndef KLOG_DEFS
-#define KLOG_DEFS
-
-#ifndef KRBLOG
-#define KRBLOG "/var/log/kerberos.log" /* master server */
-#endif
-#ifndef KRBSLAVELOG
-#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
-#endif
-#define NLOGTYPE 100 /* Maximum number of log msg types */
-
-#define L_NET_ERR 1 /* Error in network code */
-#define L_NET_INFO 2 /* Info on network activity */
-#define L_KRB_PERR 3 /* Kerberos protocol errors */
-#define L_KRB_PINFO 4 /* Kerberos protocol info */
-#define L_INI_REQ 5 /* Request for initial ticket */
-#define L_NTGT_INTK 6 /* Initial request not for TGT */
-#define L_DEATH_REQ 7 /* Request for server death */
-#define L_TKT_REQ 8 /* All ticket requests using a tgt */
-#define L_ERR_SEXP 9 /* Service expired */
-#define L_ERR_MKV 10 /* Master key version incorrect */
-#define L_ERR_NKY 11 /* User's key is null */
-#define L_ERR_NUN 12 /* Principal not unique */
-#define L_ERR_UNK 13 /* Principal Unknown */
-#define L_ALL_REQ 14 /* All requests */
-#define L_APPL_REQ 15 /* Application requests (using tgt) */
-#define L_KRB_PWARN 16 /* Protocol warning messages */
-
-char * klog __P((int type, const char *format, ...))
-#ifdef __GNUC__
-__attribute__ ((format (printf, 2, 3)))
-#endif
-;
-
-#endif /* KLOG_DEFS */
diff --git a/kerberosIV/include/kprop.h b/kerberosIV/include/kprop.h
deleted file mode 100644
index 6cb7fa0f3fb..00000000000
--- a/kerberosIV/include/kprop.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* $OpenBSD: kprop.h,v 1.4 1998/02/25 15:50:37 art Exp $ */
-/* $KTH: kprop.h,v 1.5 1997/02/07 21:39:52 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1987 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#define KPROP_SERVICE_NAME "rcmd"
-#define KPROP_SRVTAB "/etc/kerberosIV/srvtab"
-#define TGT_SERVICE_NAME "krbtgt"
-#define KPROP_PROT_VERSION_LEN 8
-#define KPROP_PROT_VERSION "kprop01"
-#define KPROP_TRANSFER_PRIVATE 1
-#define KPROP_TRANSFER_SAFE 2
-#define KPROP_TRANSFER_CLEAR 3
-#define KPROP_BUFSIZ 32768
-#define KPROP_PORT 754
diff --git a/kerberosIV/include/krb_log.h b/kerberosIV/include/krb_log.h
deleted file mode 100644
index 9b3a8ca004b..00000000000
--- a/kerberosIV/include/krb_log.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* $OpenBSD: krb_log.h,v 1.3 1998/07/05 18:55:50 art Exp $ */
-/* $KTH krb_log.h,v 1.2 1997/09/26 17:40:33 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <kerberosIV/krb.h>
-
-#ifndef __KRB_LOG_H__
-#define __KRB_LOG_H__
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(X)
-#endif
-
-__BEGIN_DECLS
-
-/* logging.c */
-
-typedef int (*krb_log_func_t) __P((FILE *, const char *, va_list));
-
-typedef krb_log_func_t krb_warnfn_t;
-
-struct krb_log_facility;
-
-int krb_vlogger __P((struct krb_log_facility*, const char *, va_list))
- __attribute__ ((format (printf, 2, 0)));
-int krb_logger __P((struct krb_log_facility*, const char *, ...))
- __attribute__ ((format (printf, 2, 3)));
-int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t));
-
-void krb_set_warnfn __P((krb_warnfn_t));
-krb_warnfn_t krb_get_warnfn __P((void));
-void krb_warning __P((const char*, ...))
- __attribute__ ((format (printf, 1, 2)));
-
-void kset_logfile __P((char*));
-void krb_log __P((const char*, ...))
- __attribute__ ((format (printf, 1, 2)));
-char *klog __P((int, const char*, ...))
- __attribute__ ((format (printf, 2, 3)));
-
-__END_DECLS
-
-#endif /* __KRB_LOG_H__ */
diff --git a/kerberosIV/include/ksrvutil.h b/kerberosIV/include/ksrvutil.h
deleted file mode 100644
index 3de6f0a22bb..00000000000
--- a/kerberosIV/include/ksrvutil.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* $OpenBSD: ksrvutil.h,v 1.2 1997/12/17 10:21:23 art Exp $ */
-/* $KTH: ksrvutil.h,v 1.8 1997/04/01 03:58:55 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-extern char u_name[], u_inst[], u_realm[];
-extern int destroyp;
-
-void leave(char *str, int x);
-void safe_read_stdin(char *prompt, char *buf, size_t size);
-void safe_write(char *filename, int fd, void *buf, size_t len);
-
-int yn(char *string);
-int ny(char *string);
-
-void ksrvutil_get(int fd, char *filename, int argc, char **argv);
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-#ifndef FALSE
-#define FALSE 0
-#endif
diff --git a/kerberosIV/include/kuser_locl.h b/kerberosIV/include/kuser_locl.h
deleted file mode 100644
index f2c3499b609..00000000000
--- a/kerberosIV/include/kuser_locl.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* $OpenBSD: kuser_locl.h,v 1.4 1998/11/28 23:41:01 art Exp $ */
-/* $KTH: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */
-
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#include <kerberosIV/site.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <time.h>
-#include <sys/file.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include <pwd.h>
-
-#include <err.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-#include <kerberosIV/kadm.h>
-#include <kerberosIV/prot.h>
-
-
-
diff --git a/kerberosIV/include/pw_check.h b/kerberosIV/include/pw_check.h
deleted file mode 100644
index c2fa873fbec..00000000000
--- a/kerberosIV/include/pw_check.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/* $OpenBSD: pw_check.h,v 1.1 1997/12/15 17:56:14 art Exp $ */
-/* $KTH: pw_check.h,v 1.6 1997/04/01 08:17:50 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-int kadm_pw_check(char *pw, des_cblock *newkey,
- char **pw_msg, char **strings);
-
diff --git a/kerberosIV/include/sl.h b/kerberosIV/include/sl.h
deleted file mode 100644
index 9f0fc0a7aa7..00000000000
--- a/kerberosIV/include/sl.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $OpenBSD: sl.h,v 1.2 1998/02/18 11:53:38 art Exp $ */
-/* $KTH: sl.h,v 1.4 1997/08/15 21:40:10 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef _SL_H
-#define _SL_H
-
-typedef int (*cmd_func)(int, char **);
-
-struct sl_cmd {
- char *name;
- cmd_func func;
- char *usage;
- char *help;
-};
-
-typedef struct sl_cmd SL_cmd;
-
-void sl_help (SL_cmd *, int argc, char **argv);
-int sl_loop (SL_cmd *, char *prompt);
-int sl_command (SL_cmd *cmds, int argc, char **argv);
-
-
-#endif /* _SL_H */
diff --git a/kerberosIV/include/sl_locl.h b/kerberosIV/include/sl_locl.h
deleted file mode 100644
index 308a64ba123..00000000000
--- a/kerberosIV/include/sl_locl.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $OpenBSD: sl_locl.h,v 1.2 1998/02/18 11:53:38 art Exp $ */
-/* $KTH: sl_locl.h,v 1.4 1997/06/08 01:51:38 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <sl.h>
-
-#include <kerberosIV/krb.h> /* this wouldn't be necessary if strtok_r was
- somewhere else. */
diff --git a/kerberosIV/include/slav_locl.h b/kerberosIV/include/slav_locl.h
deleted file mode 100644
index 21f50b490a4..00000000000
--- a/kerberosIV/include/slav_locl.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: slav_locl.h,v 1.3 1998/11/28 23:41:01 art Exp $ */
-
-#ifndef __slav_locl_h
-#define __slav_locl_h
-
-#include <kerberosIV/site.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <time.h>
-#include <sys/file.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/socket.h>
-
-#include <netdb.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-#include "klog.h"
-#include <kerberosIV/prot.h>
-#include "kdc.h"
-
-#endif /* __slav_locl_h */
diff --git a/kerberosIV/include/version.h b/kerberosIV/include/version.h
deleted file mode 100644
index a046ca742ea..00000000000
--- a/kerberosIV/include/version.h
+++ /dev/null
@@ -1,8 +0,0 @@
-/* $OpenBSD: version.h,v 1.5 1998/07/07 19:09:53 art Exp $ */
-#ifndef __VERSION_H__
-
-extern char *krb4_long_version;
-
-#define VERSION "0.9.9"
-
-#endif /* __VERSION_H__ */
diff --git a/kerberosIV/include/xdbm.h b/kerberosIV/include/xdbm.h
deleted file mode 100644
index 6ac722d10ab..00000000000
--- a/kerberosIV/include/xdbm.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* $OpenBSD: xdbm.h,v 1.2 1998/02/18 11:53:39 art Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* Generic *dbm include file */
-
-#ifndef __XDBM_H__
-#define __XDBM_H__
-
-#include <ndbm.h>
-
-/* Macros to convert ndbm names to dbm names.
- * Note that dbm_nextkey() cannot be simply converted using a macro, since
- * it is invoked giving the database, and nextkey() needs the previous key.
- *
- * Instead, all routines call "dbm_next" instead.
- */
-
-#define dbm_next(db,key) dbm_nextkey(db)
-
-#endif /* __XDBM_H__ */
diff --git a/kerberosIV/kadm/Makefile b/kerberosIV/kadm/Makefile
deleted file mode 100644
index d15b991a9bf..00000000000
--- a/kerberosIV/kadm/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# $OpenBSD: Makefile,v 1.9 1999/03/09 00:01:42 niklas Exp $
-
-.include <bsd.obj.mk>
-
-LIB= kadm
-SRCS= kadm_err.c kadm_cli_wrap.c kadm_stream.c kadm_supp.c check_password.c
-CFLAGS+=-I. -I${.CURDIR}
-.if exists(${.CURDIR}/../krb/${__objdir})
-CFLAGS+=-I${.CURDIR}/../krb/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../krb
-.endif
-LDADD+= ${COM_ERR}
-CLEANFILES+= kadm_err.c kadm_err.h
-
-kadm_err.c kadm_err.h: kadm_err.et
- test -e kadm_err.et || ln -s ${.CURDIR}/kadm_err.et .
- compile_et kadm_err.et
- -test -h kadm_err.et && rm kadm_err.et
-
-beforedepend prereq: kadm_err.h
-
-includes: kadm_err.h
- -cd ${.OBJDIR}; cmp -s kadm_err.h \
- ${DESTDIR}/usr/include/kerberosIV/kadm_err.h || \
- install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm_err.h \
- ${DESTDIR}/usr/include/kerberosIV
-
-.include <bsd.lib.mk>
diff --git a/kerberosIV/kadm/check_password.c b/kerberosIV/kadm/check_password.c
deleted file mode 100644
index 39903eb8301..00000000000
--- a/kerberosIV/kadm/check_password.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $OpenBSD: check_password.c,v 1.1 1998/05/15 06:22:17 art Exp $ */
-/* $KTH: check_password.c,v 1.1 1998/01/16 23:10:18 joda Exp $ */
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadm_locl.h"
-
-/* This is a client side password check. Should perhaps be merged with
- kadmind version that lives in pw_check.c */
-
-int
-kadm_check_pw (const char *password)
-{
- const char *t;
- if (strlen(password) == 0)
- return KADM_PASS_Q_NULL;
- if (strlen(password) < MIN_KPW_LEN)
- return KADM_PASS_Q_TOOSHORT;
-
- /* Don't allow all lower case passwords regardless of length */
- for (t = password; *t && islower(*t); t++)
- ;
- if (*t == '\0')
- return KADM_PASS_Q_CLASS;
- return 0;
-}
diff --git a/kerberosIV/kadm/kadm_cli_wrap.c b/kerberosIV/kadm/kadm_cli_wrap.c
deleted file mode 100644
index 7f61ace9084..00000000000
--- a/kerberosIV/kadm/kadm_cli_wrap.c
+++ /dev/null
@@ -1,645 +0,0 @@
-/* $OpenBSD: kadm_cli_wrap.c,v 1.7 1999/03/03 08:41:27 csapuntz Exp $ */
-/* $KTH: kadm_cli_wrap.c,v 1.22 1997/08/17 07:30:04 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-/*
- * Kerberos administration server client-side routines
- */
-
-/*
- * kadm_cli_wrap.c the client side wrapping of the calls to the admin server
- */
-
-#include "kadm_locl.h"
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-static Kadm_Client client_parm;
-
-/* Macros for use in returning data... used in kadm_cli_send */
-#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); act_st = NULL; free((char *)priv_pak); priv_pak = NULL; return r;}
-
-/* Keys for use in the transactions */
-static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
-static des_key_schedule sess_sched;
-
-static void
-clear_secrets(void)
-{
- memset(sess_key, 0, sizeof(sess_key));
- memset(sess_sched, 0, sizeof(sess_sched));
-}
-
-static void (*opipe)();
-
-static void
-kadm_cli_disconn(void)
-{
- close(client_parm.admin_fd);
- signal(SIGPIPE, opipe);
-}
-
-/*
- * kadm_init_link
- * receives : name, inst, realm
- *
- * initializes client parm, the Kadm_Client structure which holds the
- * data about the connection between the server and client, the services
- * used, the locations and other fun things
- */
-
-int
-kadm_init_link(char *n, char *i, char *r)
-{
- struct hostent *hop; /* host we will talk to */
- char adm_hostname[MAXHOSTNAMELEN];
-
- init_kadm_err_tbl();
- init_krb_err_tbl();
- strncpy(client_parm.sname, n, ANAME_SZ - 1);
- client_parm.sname[ANAME_SZ - 1] = '\0';
- strncpy(client_parm.sinst, i, INST_SZ - 1);
- client_parm.sinst[INST_SZ - 1] = '\0';
- strncpy(client_parm.krbrlm, r, REALM_SZ - 1);
- client_parm.krbrlm[REALM_SZ - 1] = '\0';
- client_parm.admin_fd = -1;
-
- /* set up the admin_addr - fetch name of admin host */
- if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
- return KADM_NO_HOST;
- if ((hop = gethostbyname(adm_hostname)) == NULL)
- return KADM_UNK_HOST;
- memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr));
- client_parm.admin_addr.sin_port =
- k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT));
- client_parm.admin_addr.sin_family = hop->h_addrtype;
- memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr,
- sizeof(client_parm.admin_addr.sin_addr));
-
- return KADM_SUCCESS;
-}
-
-static int
-kadm_cli_conn(void)
-{ /* this connects and sets my_addr */
- int on = 1;
-
- if ((client_parm.admin_fd =
- socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
- return KADM_NO_SOCK; /* couldnt create the socket */
-
- if (connect(client_parm.admin_fd,
- (struct sockaddr *) & client_parm.admin_addr,
- sizeof(client_parm.admin_addr))) {
- close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- return KADM_NO_CONN; /* couldnt get the connect */
- }
-
- opipe = signal(SIGPIPE, SIG_IGN);
-
- client_parm.my_addr_len = sizeof(client_parm.my_addr);
- if (getsockname(client_parm.admin_fd,
- (struct sockaddr *) & client_parm.my_addr,
- &client_parm.my_addr_len) < 0) {
- close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- signal(SIGPIPE, opipe);
- return KADM_NO_HERE; /* couldnt find out who we are */
- }
-
- if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE,
- (void *)&on,
- sizeof(on)) < 0) {
- close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- signal(SIGPIPE, opipe);
- return KADM_NO_CONN; /* XXX */
- }
-
- return KADM_SUCCESS;
-}
-
-/* takes in the sess_key and key_schedule and sets them appropriately */
-static int
-kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s)
- /* session key */
- /* session key schedule */
-{
- CREDENTIALS cred; /* to get key data */
- int stat;
-
- /* want .sname and .sinst here.... */
- if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst,
- client_parm.krbrlm, &cred)))
- return stat + krb_err_base;
- memcpy(s_k, cred.session, sizeof(des_cblock));
- memset(cred.session, 0, sizeof(des_cblock));
-#ifdef NOENCRYPTION
- memset(s_s, 0, sizeof(des_key_schedule));
-#else
- if ((stat = des_key_sched(s_k,s_s)))
- return(stat+krb_err_base);
-#endif
- return KADM_SUCCESS;
-} /* This code "works" */
-
-static int
-kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
-{
- u_int16_t dlen;
- int retval;
- char tmp[4];
-
- dlen = (u_int16_t) dat_len;
-
- if (dat_len != (int)dlen)
- return (KADM_NO_ROOM);
-
- tmp[0] = (dlen >> 8) & 0xff;
- tmp[1] = dlen & 0xff;
- if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2)
- return (errno); /* XXX */
-
- if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
- return (errno); /* XXX */
-
-
- if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){
- if (retval < 0)
- return(errno); /* XXX */
- else
- return(EPIPE); /* short read ! */
- }
- dlen = (tmp[0] << 8) | tmp[1];
-
- *ret_dat = (u_char *)malloc((unsigned)dlen);
- if (*ret_dat == NULL)
- return(KADM_NOMEM);
-
- if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat,
- dlen) != dlen)) {
- if (retval < 0)
- return(errno); /* XXX */
- else
- return(EPIPE); /* short read ! */
- }
- *ret_siz = (int) dlen;
- return KADM_SUCCESS;
-}
-
-/*
- * kadm_cli_send
- * recieves : opcode, packet, packet length, serv_name, serv_inst
- * returns : return code from the packet build, the server, or
- * something else
- *
- * It assembles a packet as follows:
- * 8 bytes : VERSION STRING
- * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
- * : KTEXT
- * : OPCODE \
- * : DATA > Encrypted (with make priv)
- * : ...... /
- *
- * If it builds the packet and it is small enough, then it attempts to open the
- * connection to the admin server. If the connection is succesfully open
- * then it sends the data and waits for a reply.
- */
-static int
-kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz)
- /* the actual data */
- /* length of said data */
- /* to give return info */
- /* length of returned info */
-{
- int act_len, retdat; /* current offset into packet, return
- * data */
- KTEXT_ST authent; /* the authenticator we will build */
- u_char *act_st; /* the pointer to the complete packet */
- u_char *temp;
- u_char *priv_pak; /* private version of the packet */
- int priv_len; /* length of private packet */
- u_int32_t cksum; /* checksum of the packet */
- MSG_DAT mdat;
- u_char *return_dat;
-
- act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
- if (act_st == NULL) {
- clear_secrets();
- return KADM_NOMEM;
- }
-
- strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
- act_len = KADM_VERSIZE;
-
- if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) {
- free(act_st);
- act_st = NULL;
- clear_secrets();
- return retdat; /* couldnt get key working */
- }
-
- priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
- if (priv_pak == NULL) {
- free(act_st);
- act_st = NULL;
- clear_secrets();
- return KADM_NOMEM;
- }
-
- /* 200 bytes for extra info case */
- if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz,
- sess_sched, &sess_key, &client_parm.my_addr,
- &client_parm.admin_addr)) < 0)
- RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose
- * here */
-
- /* here is the length of priv data. receiver calcs
- size of authenticator by subtracting vno size, priv size, and
- sizeof(u_int32_t) (for the size indication) from total size */
-
- act_len += vts_long((u_int32_t) priv_len, &act_st, act_len);
-#ifdef NOENCRYPTION
- cksum = 0;
-#else
- cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0,
- (long)priv_len, 0, &sess_key);
-#endif
- if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
- client_parm.krbrlm, cksum))) {
- /* authenticator? */
- RET_N_FREE(retdat + krb_err_base);
- }
-
- temp = (u_char *) realloc(act_st,
- act_len + authent.length + priv_len);
- if (temp == NULL) {
- clear_secrets();
- free(priv_pak);
- free(act_st);
- priv_pak = NULL;
- return KADM_NOMEM;
- }
- act_st = temp;
-
- memcpy((char *)act_st + act_len, authent.dat, authent.length);
- memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len);
- free(priv_pak);
- priv_pak = NULL;
-
- if ((retdat = kadm_cli_out(act_st,
- act_len + authent.length + priv_len,
- ret_dat, ret_siz)) != KADM_SUCCESS)
- RET_N_FREE(retdat);
- free(act_st);
- act_st = NULL;
-#define RET_N_FREE2(r) {free(*ret_dat); *ret_dat = NULL; *ret_siz = 0; clear_secrets(); return(r);}
-
- /* first see if it's a YOULOUSE */
- if ((*ret_siz >= KADM_VERSIZE) &&
- !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
- unsigned char *p;
- /* it's a youlose packet */
- if (*ret_siz < KADM_VERSIZE + 4)
- RET_N_FREE2(KADM_BAD_VER);
- p = (*ret_dat)+KADM_VERSIZE;
- retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
- RET_N_FREE2(retdat);
- }
- /* need to decode the ret_dat */
- if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched,
- &sess_key, &client_parm.admin_addr,
- &client_parm.my_addr, &mdat)))
- RET_N_FREE2(retdat+krb_err_base);
- if (mdat.app_length < KADM_VERSIZE + 4)
- /* too short! */
- RET_N_FREE2(KADM_BAD_VER);
- if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
- /* bad version */
- RET_N_FREE2(KADM_BAD_VER);
- {
- unsigned char *p = mdat.app_data+KADM_VERSIZE;
- retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
- }
- {
- int s=mdat.app_length - KADM_VERSIZE - 4;
- if(s<=0) s=1;
- if (!(return_dat = (u_char *)malloc(s)))
- RET_N_FREE2(KADM_NOMEM);
- }
- memcpy(return_dat,
- (char *) mdat.app_data + KADM_VERSIZE + 4,
- mdat.app_length - KADM_VERSIZE - 4);
- free(*ret_dat);
- *ret_dat = NULL;
- clear_secrets();
- *ret_dat = return_dat;
- *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
- return retdat;
-}
-
-
-
-/*
- * kadm_change_pw_plain
- *
- * see kadm_change_pw
- *
- */
-int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg)
-{
- int stsize, retc; /* stream size and return code */
- u_char *send_st; /* send stream */
- u_char *temp;
- u_char *ret_st;
- int ret_sz;
- int status;
- static char msg[128];
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return retc ;
- /* possible problem with vts_long on a non-multiple of four boundary */
-
- stsize = 0; /* start of our output packet */
- send_st = (u_char *) malloc(1);/* to make it reallocable */
- if (send_st == NULL)
- return KADM_NOMEM;
-
- send_st[stsize++] = (u_char) CHANGE_PW;
-
- /* change key to stream */
-
- temp = realloc(send_st, stsize + 8);
- if (temp == NULL) {
- free(send_st);
- return KADM_NOMEM;
- }
- send_st = temp;
-
- memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */
- memcpy(send_st + stsize, newkey + 4, 4);
- stsize += 8;
-
- if(password != NULL && password[0] != '\0')
- stsize += vts_string(password, &send_st, stsize);
-
- retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
- free(send_st);
- send_st = NULL;
-
- if(retc != KADM_SUCCESS){
- status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz);
- if(status<0)
- msg[0]=0;
- *pw_msg=msg;
- }
-
- if (ret_st != NULL) {
- free(ret_st);
- ret_st = NULL;
- }
-
- kadm_cli_disconn();
- return(retc);
-}
-
-/*
- * This function is here for compatibility with CNS
- */
-
-int kadm_change_pw2(unsigned char *newkey, char *password, char **pw_msg)
-{
- return kadm_change_pw_plain (newkey, password, pw_msg);
-}
-
-
-/*
- * kadm_change_pw
- * recieves : key
- *
- * Replaces the password (i.e. des key) of the caller with that specified in
- * key. Returns no actual data from the master server, since this is called
- * by a user
- */
-
-int kadm_change_pw(unsigned char *newkey)
-{
- char *pw_msg;
- return kadm_change_pw_plain(newkey, "", &pw_msg);
-}
-
-/*
- * kadm_add
- * receives : vals
- * returns : vals
- *
- * Adds and entry containing values to the database returns the values of the
- * entry, so if you leave certain fields blank you will be able to determine
- * the default values they are set to
- */
-int
-kadm_add(Kadm_vals *vals)
-{
- u_char *st, *st2; /* st will hold the stream of values */
- int st_len; /* st2 the final stream with opcode */
- int retc; /* return code from call */
- u_char *ret_st;
- int ret_sz;
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
- st_len = vals_to_stream(vals, &st);
- st2 = (u_char *) malloc((unsigned)(1 + st_len));
- if (st2 == NULL)
- return KADM_NOMEM;
-
- *st2 = (u_char) ADD_ENT; /* here's the opcode */
- memcpy((char *) st2 + 1, st, st_len); /* append st on */
- retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
- free(st);
- st = NULL;
- free(st2);
- st2 = NULL;
-
- if (retc == KADM_SUCCESS) {
- /* ret_st has vals */
- if (stream_to_vals(ret_st, vals, ret_sz) < 0)
- retc = KADM_LENGTH_ERROR;
- free(ret_st);
- ret_st = NULL;
- }
- kadm_cli_disconn();
- return(retc);
-}
-
-/*
- * kadm_mod
- * receives : KTEXT, {values, values}
- * returns : CKSUM, RETCODE, {values}
- * acl : su, sms (as register or dealloc)
- *
- * Modifies all entries corresponding to the first values so they match the
- * second values. returns the values for the changed entries in vals2
- */
-int
-kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2)
-{
- u_char *st, *st2; /* st will hold the stream of values */
- int st_len, nlen; /* st2 the final stream with opcode */
- u_char *ret_st;
- u_char *temp;
- int ret_sz;
-
- /* nlen is the length of second vals */
- int retc; /* return code from call */
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
-
- st_len = vals_to_stream(vals1, &st);
- st2 = (u_char *) malloc((unsigned)(1 + st_len));
- if (st2 == NULL)
- return KADM_NOMEM;
-
- *st2 = (u_char) MOD_ENT; /* here's the opcode */
- memcpy((char *)st2 + 1, st, st_len++); /* append st on */
- free(st);
- st = NULL;
-
- nlen = vals_to_stream(vals2, &st);
- temp = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
- if (temp == NULL) {
- free(st2);
- return KADM_NOMEM;
- }
- st2 = temp;
-
- memcpy((char *) st2 + st_len, st, nlen); /* append st on */
- retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
-
- free(st);
- st = NULL;
- free(st2);
- st2 = NULL;
-
- if (retc == KADM_SUCCESS) {
- /* ret_st has vals */
- if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
- retc = KADM_LENGTH_ERROR;
- free(ret_st);
- ret_st = NULL;
- }
- kadm_cli_disconn();
- return retc;
-}
-
-
-int
-kadm_del(Kadm_vals *vals)
-{
- unsigned char *st, *st2; /* st will hold the stream of values */
- int st_len; /* st2 the final stream with opcode */
- int retc; /* return code from call */
- u_char *ret_st;
- int ret_sz;
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return retc;
- st_len = vals_to_stream(vals, &st);
- st2 = (unsigned char *) malloc(st_len + 1);
- if (st2 == NULL)
- return KADM_NOMEM;
-
- *st2 = DEL_ENT; /* here's the opcode */
- memcpy(st2 + 1, st, st_len); /* append st on */
- retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
- free(st);
- st = NULL;
- free(st2);
- st2 = NULL;
- kadm_cli_disconn();
- return(retc);
-}
-
-
-/*
- * kadm_get
- * receives : KTEXT, {values, flags}
- * returns : CKSUM, RETCODE, {count, values, values, values}
- * acl : su
- *
- * gets the fields requested by flags from all entries matching values returns
- * this data for each matching recipient, after a count of how many such
- * matches there were
- */
-int
-kadm_get(Kadm_vals *vals, u_char *fl)
-{
- int loop; /* for copying the fields data */
- u_char *st, *st2; /* st will hold the stream of values */
- int st_len; /* st2 the final stream with opcode */
- int retc; /* return code from call */
- u_char *ret_st;
- int ret_sz;
-
- if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
- return(retc);
- st_len = vals_to_stream(vals, &st);
- st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
- if (st2 == NULL)
- return KADM_NOMEM;
-
- *st2 = (u_char) GET_ENT; /* here's the opcode */
- memcpy((char *)st2 + 1, st, st_len); /* append st on */
- for (loop = FLDSZ - 1; loop >= 0; loop--)
- *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
- retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz);
- free(st);
- st = NULL;
- free(st2);
- st2 = NULL;
- if (retc == KADM_SUCCESS) {
- /* ret_st has vals */
- if (stream_to_vals(ret_st, vals, ret_sz) < 0)
- retc = KADM_LENGTH_ERROR;
- free(ret_st);
- ret_st = NULL;
- }
- kadm_cli_disconn();
- return(retc);
-}
diff --git a/kerberosIV/kadm/kadm_err.et b/kerberosIV/kadm/kadm_err.et
deleted file mode 100644
index 22e9b5c0e7a..00000000000
--- a/kerberosIV/kadm/kadm_err.et
+++ /dev/null
@@ -1,76 +0,0 @@
-# $OpenBSD: kadm_err.et,v 1.5 1998/05/15 06:22:17 art Exp $
-# $KTH: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $
-
-#-
-# Copyright (C) 1988 by the Massachusetts Institute of Technology
-#
-# Export of this software from the United States of America is assumed
-# to require a specific license from the United States Government.
-# It is the responsibility of any person or organization contemplating
-# export to obtain such a license before exporting.
-#
-# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-# distribute this software and its documentation for any purpose and
-# without fee is hereby granted, provided that the above copyright
-# notice appear in all copies and that both that copyright notice and
-# this permission notice appear in supporting documentation, and that
-# the name of M.I.T. not be used in advertising or publicity pertaining
-# to distribution of the software without specific, written prior
-# permission. M.I.T. makes no representations about the suitability of
-# this software for any purpose. It is provided "as is" without express
-# or implied warranty.
-
- et kadm
-
-# KADM_SUCCESS, as all success codes should be, is zero
-
-ec KADM_RCSID, "$OpenBSD: kadm_err.et,v 1.5 1998/05/15 06:22:17 art Exp $"
-# /* Building and unbuilding the packet errors */
-ec KADM_NO_REALM, "Cannot fetch local realm"
-ec KADM_NO_CRED, "Unable to fetch credentials"
-ec KADM_BAD_KEY, "Bad key supplied"
-ec KADM_NO_ENCRYPT, "Can't encrypt data"
-ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
-ec KADM_WRONG_REALM, "Principal attempting change is in wrong realm"
-ec KADM_NO_ROOM, "Packet is too large"
-ec KADM_BAD_VER, "Version number is incorrect"
-ec KADM_BAD_CHK, "Checksum does not match"
-ec KADM_NO_READ, "Unsealing private data failed"
-ec KADM_NO_OPCODE, "Unsupported operation"
-ec KADM_NO_HOST, "Could not find administrating host"
-ec KADM_UNK_HOST, "Administrating host name is unknown"
-ec KADM_NO_SERV, "Could not find service name in services database"
-ec KADM_NO_SOCK, "Could not create socket"
-ec KADM_NO_CONN, "Could not connect to server"
-ec KADM_NO_HERE, "Could not fetch local socket address"
-ec KADM_NO_MAST, "Could not fetch master key"
-ec KADM_NO_VERI, "Could not verify master key"
-
-# /* From the server side routines */
-ec KADM_INUSE, "Entry already exists in database"
-ec KADM_UK_SERROR, "Database store error"
-ec KADM_UK_RERROR, "Database read error"
-ec KADM_UNAUTH, "Insufficient access to perform requested operation"
-# KADM_DATA isn't really an error, but...
-ec KADM_DATA, "Data is available for return to client"
-ec KADM_NOENTRY, "No such entry in the database"
-
-ec KADM_NOMEM, "Memory exhausted"
-ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
-ec KADM_NO_BIND, "Could not bind port"
-ec KADM_LENGTH_ERROR, "Length mismatch problem"
-ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
-
-ec KADM_DB_INUSE, "Database is locked or in use--try again later"
-
-ec KADM_INSECURE_PW, "Insecure password rejected"
-ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
-
-ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
-ec KADM_IMMUTABLE, "Attempt to delete immutable principal"
-# password quality basically stolen from OV libkadm5
-ec KADM_PASS_Q_NULL, "Null passwords are not allowed"
-ec KADM_PASS_Q_TOOSHORT,"Password is too short"
-ec KADM_PASS_Q_CLASS, "Too few character classes in password"
-ec KADM_PASS_Q_DICT, "Password is in the password dictionary"
-end
diff --git a/kerberosIV/kadm/kadm_stream.c b/kerberosIV/kadm/kadm_stream.c
deleted file mode 100644
index 791a553a0b4..00000000000
--- a/kerberosIV/kadm/kadm_stream.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/* $OpenBSD: kadm_stream.c,v 1.5 1998/08/16 02:42:06 art Exp $ */
-/* $KTH: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-/*
- * Stream conversion functions for Kerberos administration server
- */
-
-/*
- * kadm_stream.c
- * this holds the stream support routines for the kerberos administration
- * server
- *
- * vals_to_stream: converts a vals struct to a stream for transmission
- * internals build_field_header, vts_[string, char, long, short]
- * stream_to_vals: converts a stream to a vals struct
- * internals check_field_header, stv_[string, char, long, short]
- * error: prints out a kadm error message, returns
- * fatal: prints out a kadm fatal error message, exits
- */
-
-#include "kadm_locl.h"
-
-static int
-build_field_header(u_char *cont, u_char **st)
- /* container for fields data */
- /* stream */
-{
- *st = (u_char *) malloc (4);
- if (st == NULL)
- return -1;
- memcpy(*st, cont, 4);
- return 4; /* return pointer to current stream location */
-}
-
-static int
-check_field_header(u_char *st, u_char *cont, int maxlen)
- /* stream */
- /* container for fields data */
-
-{
- if (maxlen < 4 || cont == NULL || st == NULL)
- return(-1);
- memcpy(cont, st, 4);
- return 4; /* return pointer to current stream location */
-}
-
-int
-vts_string(char *dat, u_char **st, int loc)
- /* a string to put on the stream */
- /* base pointer to the stream */
- /* offset into the stream for current data */
-{
- u_char *temp;
-
- temp = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1));
- if (temp == NULL) {
- free(*st);
- return -1;
- }
- *st = temp;
-
- memcpy(*st + loc, dat, strlen(dat)+1);
- return strlen(dat)+1;
-}
-
-
-static int
-vts_short(u_int16_t dat, u_char **st, int loc)
- /* the attributes field */
- /* a base pointer to the stream */
- /* offset into the stream for current data */
-{
- unsigned char *p;
-
- p = realloc(*st, loc + 2);
- if (p == NULL) {
- abort();
- }
- p[loc] = (dat >> 8) & 0xff;
- p[loc+1] = dat & 0xff;
- *st = p;
- return 2;
-}
-
-static int
-vts_char(u_char dat, u_char **st, int loc)
- /* the attributes field */
- /* a base pointer to the stream */
- /* offset into the stream for current data */
-{
- unsigned char *p = realloc(*st, loc + 1);
- if (p == NULL) {
- abort();
- }
- p[loc] = dat;
- *st = p;
- return 1;
-}
-
-int
-vts_long(u_int32_t dat, u_char **st, int loc)
- /* the attributes field */
- /* a base pointer to the stream */
- /* offset into the stream for current data */
-{
- unsigned char *p = realloc(*st, loc + 4);
- if(p == NULL){
- abort();
- }
- p[loc] = (dat >> 24) & 0xff;
- p[loc+1] = (dat >> 16) & 0xff;
- p[loc+2] = (dat >> 8) & 0xff;
- p[loc+3] = dat & 0xff;
- *st = p;
- return 4;
-}
-
-#ifndef min
-#define min(a,b) (a < b ? a : b)
-#endif
-
-int
-stv_string(u_char *st, /* base pointer to the stream */
- char *dat, /* a string to read from the stream */
- int loc, /* offset into the stream for current data */
- int stlen, /* max length of string to copy in */
- int maxlen) /* max length of input stream */
-{
- int maxcount; /* max count of chars to copy */
-
- maxcount = min(maxlen - loc, stlen);
-
- if(maxcount <= 0)
- return -1;
-
- strncpy(dat, (char *)st + loc, maxcount);
-
- if (dat[maxcount - 1]) /* not null-term --> not enough room */
- return -1;
- return strlen(dat)+1;
-}
-
-static int
-stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen)
- /* a base pointer to the stream */
- /* the attributes field */
- /* offset into the stream for current data */
-
-{
- if (maxlen - loc < 2)
- return -1;
-
- *dat = (st[loc] << 8) | st[loc + 1];
- return 2;
-}
-
-int
-stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen)
- /* a base pointer to the stream */
- /* the attributes field */
- /* offset into the stream for current data */
- /* maximum length of st */
-{
- if (maxlen - loc < 4)
- return -1;
-
- *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3];
- return 4;
-}
-
-static int
-stv_char(u_char *st, u_char *dat, int loc, int maxlen)
- /* a base pointer to the stream */
- /* the attributes field */
- /* offset into the stream for current data */
-
-{
- if (maxlen - loc < 1)
- return -1;
-
- *dat = st[loc];
- return 1;
-}
-
-/*
- * vals_to_stream
- * recieves : kadm_vals *, u_char *
- * returns : a realloced and filled in u_char *
- *
- * this function creates a byte-stream representation of the kadm_vals
- * structure
- */
-
-int
-vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
-{
- int vsloop, stsize, stsizetemp; /* loop counter, stream size */
-
- stsize = build_field_header(dt_in->fields, dt_out);
- if (stsize < 0)
- return -1;
-
- for (vsloop=31; vsloop>=0; vsloop--)
- if (IS_FIELD(vsloop, dt_in->fields)) {
- switch (vsloop) {
- case KADM_NAME:
- stsizetemp = vts_string(dt_in->name, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- break;
- case KADM_INST:
- stsizetemp = vts_string(dt_in->instance, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- break;
- case KADM_EXPDATE:
- stsizetemp = vts_long(dt_in->exp_date, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- break;
- case KADM_ATTR:
- stsizetemp = vts_short(dt_in->attributes, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- break;
- case KADM_MAXLIFE:
- stsizetemp = vts_char(dt_in->max_life, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- break;
- case KADM_DESKEY:
- stsizetemp = vts_long(dt_in->key_high, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- stsizetemp = vts_long(dt_in->key_low, dt_out, stsize);
- if (stsizetemp < 0)
- return -1;
- stsize += stsizetemp;
- break;
- default:
- break;
- }
- }
- return(stsize);
-}
-
-/*
- * stream_to_vals
- * recieves : u_char *, kadm_vals *
- * returns : a kadm_vals filled in according to u_char *
- *
- * this decodes a byte stream represntation of a vals struct into kadm_vals
- */
-int
-stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen)
-
-
- /* max length to use */
-{
- int vsloop, stsize; /* loop counter, stream size */
- int status;
-
- memset(dt_out, 0, sizeof(*dt_out));
-
- stsize = check_field_header(dt_in, dt_out->fields, maxlen);
- if (stsize < 0)
- return(-1);
- for (vsloop=31; vsloop>=0; vsloop--)
- if (IS_FIELD(vsloop,dt_out->fields))
- switch (vsloop) {
- case KADM_NAME:
- if ((status = stv_string(dt_in, dt_out->name, stsize,
- sizeof(dt_out->name), maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_INST:
- if ((status = stv_string(dt_in, dt_out->instance, stsize,
- sizeof(dt_out->instance), maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_EXPDATE:
- if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_ATTR:
- if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_MAXLIFE:
- if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- case KADM_DESKEY:
- if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
- maxlen)) < 0)
- return(-1);
- stsize += status;
- break;
- default:
- break;
- }
- return stsize;
-}
diff --git a/kerberosIV/kadm/kadm_supp.c b/kerberosIV/kadm/kadm_supp.c
deleted file mode 100644
index f3ff2fca573..00000000000
--- a/kerberosIV/kadm/kadm_supp.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* $OpenBSD: kadm_supp.c,v 1.3 1997/12/12 10:02:46 art Exp $ */
-/* $KTH: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $ */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
-
-/*
- * Support functions for Kerberos administration server & clients
- */
-
-/*
- kadm_supp.c
- this holds the support routines for the kerberos administration server
-
- error: prints out a kadm error message, returns
- fatal: prints out a kadm fatal error message, exits
- prin_vals: prints out data associated with a Principal in the vals
- structure
-*/
-
-#include "kadm_locl.h"
-
-/*
-prin_vals:
- recieves : a vals structure
-*/
-void
-prin_vals(Kadm_vals *vals)
-{
- printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
- printf(" Max Life: %d (%s) Exp Date: %s\n",
- vals->max_life,
- krb_life_to_atime(vals->max_life),
- asctime(k_localtime(&vals->exp_date)));
- printf(" Attribs: %.2x key: %#lx %#lx\n",
- vals->attributes,
- (long)vals->key_low, (long)vals->key_high);
-}
-
-/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
- it copies the fields in Principal specified by fields into Kadm_vals,
- i.e from old to new */
-
-void
-kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old)
-{
- if (new == NULL)
- return;
-
- memset(new, 0, sizeof(*new));
- if (IS_FIELD(KADM_NAME,fields)) {
- strncpy(new->name, old->name, ANAME_SZ - 1);
- new->name[ANAME_SZ - 1] = '\0';
- SET_FIELD(KADM_NAME, new->fields);
- }
- if (IS_FIELD(KADM_INST,fields)) {
- strncpy(new->instance, old->instance, INST_SZ - 1);
- new->instance[INST_SZ - 1] = '\0';
- SET_FIELD(KADM_INST, new->fields);
- }
- if (IS_FIELD(KADM_EXPDATE,fields)) {
- new->exp_date = old->exp_date;
- SET_FIELD(KADM_EXPDATE, new->fields);
- }
- if (IS_FIELD(KADM_ATTR,fields)) {
- new->attributes = old->attributes;
- SET_FIELD(KADM_ATTR, new->fields);
- }
- if (IS_FIELD(KADM_MAXLIFE,fields)) {
- new->max_life = old->max_life;
- SET_FIELD(KADM_MAXLIFE, new->fields);
- }
- if (IS_FIELD(KADM_DESKEY,fields)) {
- new->key_low = old->key_low;
- new->key_high = old->key_high;
- SET_FIELD(KADM_DESKEY, new->fields);
- }
-}
-
-void
-kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old)
-{
- if (new == NULL)
- return;
-
- memset(new, 0, sizeof(*new));
- if (IS_FIELD(KADM_NAME,fields)) {
- strncpy(new->name, old->name, ANAME_SZ);
- new->name[ANAME_SZ - 1] = '\0';
- }
- if (IS_FIELD(KADM_INST,fields)) {
- strncpy(new->instance, old->instance, INST_SZ);
- new->instance[KADM_INST - 1] = '\0';
- }
- if (IS_FIELD(KADM_EXPDATE,fields))
- new->exp_date = old->exp_date;
- if (IS_FIELD(KADM_ATTR,fields))
- new->attributes = old->attributes;
- if (IS_FIELD(KADM_MAXLIFE,fields))
- new->max_life = old->max_life;
- if (IS_FIELD(KADM_DESKEY,fields)) {
- new->key_low = old->key_low;
- new->key_high = old->key_high;
- }
-}
diff --git a/kerberosIV/kadm/shlib_version b/kerberosIV/kadm/shlib_version
deleted file mode 100644
index 3066b9771e7..00000000000
--- a/kerberosIV/kadm/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=5
-minor=0
diff --git a/kerberosIV/kadmin/Makefile b/kerberosIV/kadmin/Makefile
deleted file mode 100644
index bc3d2ccc933..00000000000
--- a/kerberosIV/kadmin/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-# $Id: Makefile,v 1.7 1998/04/26 22:32:11 art Exp $
-
-.include <bsd.obj.mk>
-
-PROG= kadmin
-SRCS= kadmin.c new_pwd.c sl.c
-
-.if exists(${.CURDIR}/../kadm/${__objdir})
-CFLAGS+=-I${.CURDIR}/../kadm/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../kadm
-.endif
-
-.if exists(${.CURDIR}/../krb/${__objdir})
-CFLAGS+=-I${.CURDIR}/../krb/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../krb
-.endif
-
-LDADD+= -lkadm -lkrb -ldes -lcom_err
-DPADD+= ${LIBKADM} ${LIBKRB} ${LIBDES} ${LIBCOM_ERR}
-CLEANFILES+= kadmin_cmds.c
-MAN= kadmin.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kadmin/kadmin.8 b/kerberosIV/kadmin/kadmin.8
deleted file mode 100644
index e0e447b0f1a..00000000000
--- a/kerberosIV/kadmin/kadmin.8
+++ /dev/null
@@ -1,180 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kadmin.8,v 1.4 1998/02/25 15:50:43 art Exp $
-.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kadmin \- network utility for Kerberos database administration
-.SH SYNOPSIS
-.B kadmin [-u user] [-r default_realm] [-m]
-.SH DESCRIPTION
-This utility provides a unified administration interface to
-the
-Kerberos
-master database.
-Kerberos
-administrators
-use
-.I kadmin
-to register new users and services to the master database,
-and to change information about existing database entries.
-For instance, an administrator can use
-.I kadmin
-to change a user's
-Kerberos
-password.
-A Kerberos administrator is a user with an ``admin'' instance
-whose name appears on one of the Kerberos administration access control
-lists. If the \-u option is used,
-.I user
-will be used as the administrator instead of the local user.
-If the \-r option is used,
-.I default_realm
-will be used as the default realm for transactions. Otherwise,
-the local realm will be used by default.
-If the \-m option is used, multiple requests will be permitted
-on only one entry of the admin password. Some sites won't
-support this option.
-
-The
-.I kadmin
-program communicates over the network with the
-.I kadmind
-program, which runs on the machine housing the Kerberos master
-database.
-The
-.I kadmind
-creates new entries and makes modifications to the database.
-
-When you enter the
-.I kadmin
-command,
-the program displays a message that welcomes you and explains
-how to ask for help.
-Then
-.I kadmin
-waits for you to enter commands (which are described below).
-It then asks you for your
-.I admin
-password before accessing the database.
-
-Use the
-.I add_new_key
-(or
-.I ank
-for short)
-command to register a new principal
-with the master database.
-The command requires one argument,
-the principal's name. The name
-given can be fully qualified using
-the standard
-.I name.instance@realm
-convention.
-You are asked to enter your
-.I admin
-password,
-then prompted twice to enter the principal's
-new password. If no realm is specified,
-the local realm is used unless another was
-given on the commandline with the \-r flag.
-If no instance is
-specified, a null instance is used. If
-a realm other than the default realm is specified,
-you will need to supply your admin password for
-the other realm.
-
-Use the
-.I change_password (cpw)
-to change a principal's
-Kerberos
-password.
-The command requires one argument,
-the principal's
-name.
-You are asked to enter your
-.I admin
-password,
-then prompted twice to enter the principal's new password.
-The name
-given can be fully qualified using
-the standard
-.I name.instance@realm
-convention.
-
-Use the
-.I change_admin_password (cap)
-to change your
-.I admin
-instance password.
-This command requires no arguments.
-It prompts you for your old
-.I admin
-password, then prompts you twice to enter the new
-.I admin
-password. If this is your first command,
-the default realm is used. Otherwise, the realm
-used in the last command is used.
-
-Use the
-.I destroy_tickets (dest)
-command to destroy your admin tickets explicitly.
-
-Use the
-.I list_requests (lr)
-command to get a list of possible commands.
-
-Use the
-.I help
-command to display
-.IR kadmin's
-various help messages.
-If entered without an argument,
-.I help
-displays a general help message.
-You can get detailed information on specific
-.I kadmin
-commands
-by entering
-.I help
-.IR command_name .
-
-To quit the program, type
-.IR quit .
-
-.SH BUGS
-The user interface is primitive, and the command names could be better.
-
-.SH "SEE ALSO"
-kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
-.br
-``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
-.SH AUTHORS
-Jeffrey I. Schiller, MIT Project Athena
-.br
-Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/kerberosIV/kadmin/kadmin.c b/kerberosIV/kadmin/kadmin.c
deleted file mode 100644
index 0ddc290f1dd..00000000000
--- a/kerberosIV/kadmin/kadmin.c
+++ /dev/null
@@ -1,862 +0,0 @@
-/* $OpenBSD: kadmin.c,v 1.8 1999/05/23 17:19:24 aaron Exp $ */
-/* $KTH: kadmin.c,v 1.50 1997/11/03 19:51:46 assar Exp $ */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Kerberos database administrator's tool.
- *
- * The default behavior of kadmin is if the -m option is given
- * on the commandline, multiple requests are allowed to be given
- * with one entry of the admin password (until the tickets expire).
- */
-
-#include "kadm_locl.h"
-
-static int change_password(int argc, char **argv);
-static int change_key(int argc, char **argv);
-static int change_admin_password(int argc, char **argv);
-static int add_new_key(int argc, char **argv);
-static int del_entry(int argc, char **argv);
-static int get_entry(int argc, char **argv);
-static int mod_entry(int argc, char **argv);
-static int help(int argc, char **argv);
-static int clean_up_cmd(int argc, char **argv);
-static int quit_cmd(int argc, char **argv);
-
-static SL_cmd cmds[] = {
- {"change_password", change_password, "Change a user's password"},
- {"cpw"},
- {"passwd"},
- {"change_key", change_key, "Change a user's password as a DES binary key"},
- {"ckey"},
- {"change_admin_password", change_admin_password,
- "Change your admin password"},
- {"cap"},
- {"add_new_key", add_new_key, "Add new user to kerberos database"},
- {"ank"},
- {"del_entry", del_entry, "Delete entry from database"},
- {"del"},
- {"delete"},
- {"get_entry", get_entry, "Get entry from kerberos database"},
- {"mod_entry", mod_entry, "Modify entry in kerberos database"},
- {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"},
- {"exit", quit_cmd, "Exit program"},
- {"quit"},
- {"help", help, "Help"},
- {"?"},
- {NULL}
-};
-
-#define BAD_PW 1
-#define GOOD_PW 0
-#define FUDGE_VALUE 15 /* for ticket expiration time */
-#define PE_NO 0
-#define PE_YES 1
-#define PE_UNSURE 2
-
-/* for get_password, whether it should do the swapping...necessary for
- using vals structure, unnecessary for change_pw requests */
-#define DONTSWAP 0
-#define SWAP 1
-
-static krb_principal pr;
-static char default_realm[REALM_SZ]; /* default kerberos realm */
-static char krbrlm[REALM_SZ]; /* current realm being administered */
-static int multiple = 0; /* Allow multiple requests per ticket */
-
-#ifdef NOENCRYPTION
-#define read_long_pw_string placebo_read_pw_string
-#else
-#define read_long_pw_string des_read_pw_string
-#endif
-
-time_t
-tm2time (struct tm tm, int local)
-{
- time_t t;
-
- tm.tm_isdst = -1;
-
- t = mktime (&tm);
-
- if (!local)
- t += t - mktime (gmtime (&t));
- return t;
-}
-
-static void
-get_maxlife(Kadm_vals *vals)
-{
- char buff[BUFSIZ];
- time_t life;
- int l;
-
- do {
- printf("Maximum ticket lifetime? (%d) [%s] ",
- vals->max_life, krb_life_to_atime(vals->max_life));
- fflush(stdout);
- if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
- clearerr(stdin);
- return;
- }
- life = krb_atime_to_life(buff);
- } while (life <= 0);
-
- l = strlen(buff);
- if (buff[l-2] == 'm')
- life = krb_time_to_life(0L, life*60);
- if (buff[l-2] == 'h')
- life = krb_time_to_life(0L, life*60*60);
-
- vals->max_life = life;
- SET_FIELD(KADM_MAXLIFE,vals->fields);
-}
-
-static void
-get_attr(Kadm_vals *vals)
-{
- char buff[BUFSIZ], *out;
- int attr;
-
- do {
- printf("Attributes? [0x%.2x] ", vals->attributes);
- fflush(stdout);
- if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
- clearerr(stdin);
- return;
- }
- attr = strtol(buff, &out, 0);
- if (attr == 0 && out == buff)
- attr = -1;
- } while (attr < 0 || attr > 0xffff);
-
- vals->attributes = attr;
- SET_FIELD(KADM_ATTR,vals->fields);
-}
-
-static void
-get_expdate(Kadm_vals *vals)
-{
- char buff[BUFSIZ];
- struct tm edate;
-
- memset(&edate, 0, sizeof(edate));
- do {
- printf("Expiration date (enter yyyy-mm-dd) ? [%.24s] ",
- asctime(k_localtime(&vals->exp_date)));
- fflush(stdout);
- if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
- clearerr(stdin);
- return;
- }
- if (sscanf(buff, "%d-%d-%d",
- &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) {
- edate.tm_mon--; /* January is 0, not 1 */
- edate.tm_hour = 23; /* nearly midnight at the end of the */
- edate.tm_min = 59; /* specified day */
- }
- } while (krb_check_tm (edate));
-
- edate.tm_year -= 1900;
- vals->exp_date = tm2time (edate, 1);
- SET_FIELD(KADM_EXPDATE,vals->fields);
-}
-
-static int
-princ_exists(char *name, char *instance, char *realm)
-{
- int status;
-
- int old = krb_use_admin_server(1);
- status = krb_get_pw_in_tkt(name, instance, realm,
- KRB_TICKET_GRANTING_TICKET,
- realm, 1, "");
- krb_use_admin_server(old);
-
- if ((status == KSUCCESS) || (status == INTK_BADPW))
- return(PE_YES);
- else if (status == KDC_PR_UNKNOWN)
- return(PE_NO);
- else
- return(PE_UNSURE);
-}
-
-static int
-get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
-{
- char new_passwd[MAX_KPW_LEN]; /* new password */
- des_cblock newkey;
-
- if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
- return(BAD_PW);
- if (strlen(new_passwd) == 0) {
- printf("Using random password.\n");
-#ifdef NOENCRYPTION
- memset(newkey, 0, sizeof(newkey));
-#else
- des_new_random_key(&newkey);
-#endif
- } else {
-#ifdef NOENCRYPTION
- memset(newkey, 0, sizeof(newkey));
-#else
- des_string_to_key(new_passwd, &newkey);
-#endif
- memset(new_passwd, 0, sizeof(new_passwd));
- }
-
- memcpy(low, newkey, 4);
- memcpy(high, ((char *)newkey) + 4, 4);
-
- memset(newkey, 0, sizeof(newkey));
-
-#ifdef NOENCRYPTION
- *low = 1;
-#endif
-
- if (byteswap != DONTSWAP) {
- *low = htonl(*low);
- *high = htonl(*high);
- }
- return(GOOD_PW);
-}
-
-static int
-get_admin_password(void)
-{
- int status;
- char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
- int ticket_life = 1; /* minimum ticket lifetime */
- CREDENTIALS c;
-
- if (multiple) {
- /* If admin tickets exist and are valid, just exit. */
- memset(&c, 0, sizeof(c));
- if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
- /*
- * If time is less than lifetime - FUDGE_VALUE after issue date,
- * tickets will probably last long enough for the next
- * transaction.
- */
- if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
- return(KADM_SUCCESS);
- ticket_life = DEFAULT_TKT_LIFE;
- }
-
- if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) {
- char prompt[256];
- snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
- if (read_long_pw_string(admin_passwd,
- sizeof(admin_passwd)-1,
- prompt, 0)) {
- warnx ("Error reading admin password.");
- goto bad;
- }
- status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm,
- PWSERV_NAME, KADM_SINST,
- ticket_life, admin_passwd);
- memset(admin_passwd, 0, sizeof(admin_passwd));
-
- /* Initialize non shared random sequence from session key. */
- memset(&c, 0, sizeof(c));
- krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
- des_init_random_number_generator(&c.session);
- }
- else
- status = KDC_PR_UNKNOWN;
-
- switch(status) {
- case GT_PW_OK:
- return(GOOD_PW);
- case KDC_PR_UNKNOWN:
- printf("Principal %s does not exist.\n", krb_unparse_name(&pr));
- goto bad;
- case GT_PW_BADPW:
- printf("Incorrect admin password.\n");
- goto bad;
- default:
- com_err("kadmin", status+krb_err_base,
- "while getting password tickets");
- goto bad;
- }
-
- bad:
- memset(admin_passwd, 0, sizeof(admin_passwd));
- dest_tkt();
- return(BAD_PW);
-}
-
-static void
-usage(void)
-{
- fprintf (stderr, "Usage: kadmin [[-u|-p] admin_name] [-r default_realm]"
- " [-m]\n"
- " -m allows multiple admin requests to be "
- "serviced with one entry of admin\n"
- " password.\n");
- exit (1);
-}
-
-/* GLOBAL */
-static void
-clean_up()
-{
- dest_tkt();
-}
-
-static int
-clean_up_cmd (int argc, char **argv)
-{
- clean_up();
- return 0;
-}
-
-static int
-quit_cmd (int argc, char **argv)
-{
- return 1;
-}
-
-static void
-do_init(int argc, char **argv)
-{
- int c;
- int tflag = 0;
- char tktstring[MAXPATHLEN];
- int k_errno;
-
- memset(&pr, 0, sizeof(pr));
- if (krb_get_default_principal(pr.name, pr.instance, default_realm) < 0)
- errx (1, "I could not even guess who you might be");
- while ((c = getopt(argc, argv, "p:u:r:mt")) != -1)
- switch (c) {
- case 'p':
- case 'u':
- if((k_errno = krb_parse_name(optarg, &pr)) != KSUCCESS)
- errx (1, "%s", krb_get_err_text(k_errno));
- break;
- case 'r':
- memset(default_realm, 0, sizeof(default_realm));
- strncpy(default_realm, optarg, sizeof(default_realm) - 1);
- break;
- case 'm':
- multiple++;
- break;
- case 't':
- tflag++;
- break;
- default:
- usage();
- break;
- }
- if (optind < argc)
- usage();
-
- strncpy(krbrlm, default_realm, REALM_SZ - 1);
- krbrlm[REALM_SZ - 1] = '\0';
-
- if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
- krbrlm[0] = '\0';
- if (pr.realm[0] == '\0') {
- strncpy (pr.realm, krbrlm, REALM_SZ - 1);
- pr.realm[REALM_SZ - 1] = '\0';
- }
- if (pr.instance[0] == '\0') {
- strncpy(pr.instance, "admin", INST_SZ - 1);
- pr.instance[INST_SZ - 1] = '\0';
- }
-
- if (!tflag) {
- snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_adm_%d",(int)getpid());
- krb_set_tkt_string(tktstring);
- }
-
-}
-
-int
-main(int argc, char **argv)
-{
- do_init(argc, argv);
-
- printf("Welcome to the Kerberos Administration Program, version 2\n");
- printf("Type \"help\" if you need it.\n");
- sl_loop (cmds, "kadmin: ");
- printf("\nCleaning up and exiting.\n");
- clean_up();
- exit(0);
-}
-
-static int
-setvals(Kadm_vals *vals, char *string)
-{
- char realm[REALM_SZ];
- int status = KADM_SUCCESS;
-
- memset(vals, 0, sizeof(*vals));
- memset(realm, 0, sizeof(realm));
-
- SET_FIELD(KADM_NAME,vals->fields);
- SET_FIELD(KADM_INST,vals->fields);
- if ((status = kname_parse(vals->name, vals->instance, realm, string))) {
- printf("kerberos error: %s\n", krb_get_err_text(status));
- return status;
- }
- if (realm[0] == '\0') {
- strncpy(realm, default_realm, REALM_SZ - 1);
- realm[REALM_SZ - 1] = '\0';
- }
- if (strcmp(realm, krbrlm)) {
- strncpy(krbrlm, realm, REALM_SZ - 1);
- krbrlm[REALM_SZ - 1] = '\0';
- if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
- != KADM_SUCCESS)
- printf("kadm error for realm %s: %s\n",
- krbrlm, error_message(status));
- }
- if (status)
- return 1;
- else
- return KADM_SUCCESS;
-}
-
-static int
-change_password(int argc, char **argv)
-{
- Kadm_vals old, new;
- int status;
- char pw_prompt[BUFSIZ];
-
- if (argc != 2) {
- printf("Usage: change_password loginname\n");
- return 0;
- }
-
- if (setvals(&old, argv[1]) != KADM_SUCCESS)
- return 0;
-
- new = old;
-
- SET_FIELD(KADM_DESKEY,new.fields);
-
- if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
- /* get the admin's password */
- if (get_admin_password() != GOOD_PW)
- return 0;
-
- /* get the new password */
- snprintf(pw_prompt, sizeof(pw_prompt), "New password for %s:", argv[1]);
-
- if (get_password(&new.key_low, &new.key_high,
- pw_prompt, SWAP) == GOOD_PW) {
- status = kadm_mod(&old, &new);
- if (status == KADM_SUCCESS) {
- printf("Password changed for %s.\n", argv[1]);
- } else {
- printf("kadmin: %s\nwhile changing password for %s",
- error_message(status), argv[1]);
- }
- } else
- printf("Error reading password; password unchanged\n");
- memset(&new, 0, sizeof(new));
- if (!multiple)
- clean_up();
- }
- else
- printf("kadmin: Principal %s does not exist.\n",
- krb_unparse_name_long (old.name, old.instance, krbrlm));
- return 0;
-}
-
-static int
-getkey(unsigned char *k)
-{
- int i, c;
- for (i = 0; i < 8; i++)
- {
- c = getchar();
- if (c == EOF)
- return 0;
- else if (c == '\\')
- {
- int oct = -1;
- scanf("%03o", &oct);
- if (oct < 0 || oct > 255)
- return 0;
- k[i] = oct;
- }
- else if (!isalpha(c))
- return 0;
- else
- k[i] = c;
- }
- c = getchar();
- if (c != '\n')
- return 0;
- return 1; /* Success */
-}
-
-static void
-printkey(unsigned char *tkey)
-{
- int j;
- for(j = 0; j < 8; j++)
- if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
- printf("%c", tkey[j]);
- else
- printf("\\%03o",(unsigned char)tkey[j]);
- printf("\n");
-}
-
-static int
-change_key(int argc, char **argv)
-{
- Kadm_vals old, new;
- unsigned char newkey[8];
- int status;
-
- if (argc != 2) {
- printf("Usage: change_key principal-name\n");
- return 0;
- }
-
- if (setvals(&old, argv[1]) != KADM_SUCCESS)
- return 0;
-
- new = old;
-
- SET_FIELD(KADM_DESKEY,new.fields);
-
- if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
- /* get the admin's password */
- if (get_admin_password() != GOOD_PW)
- return 0;
-
- /* get the new password */
- printf("New DES key for %s: ", argv[1]);
-
- if (getkey(newkey)) {
- memcpy(&new.key_low, newkey, 4);
- memcpy(&new.key_high, ((char *)newkey) + 4, 4);
- printf("Entered key for %s: ", argv[1]);
- printkey(newkey);
- memset(newkey, 0, sizeof(newkey));
-
- status = kadm_mod(&old, &new);
- if (status == KADM_SUCCESS) {
- printf("Key changed for %s.\n", argv[1]);
- } else {
- printf("kadmin: %s\nwhile changing key for %s",
- error_message(status), argv[1]);
- }
- } else
- printf("Error reading key; key unchanged\n");
- memset(&new, 0, sizeof(new));
- if (!multiple)
- clean_up();
- }
- else
- printf("kadmin: Principal %s does not exist.\n",
- krb_unparse_name_long (old.name, old.instance, krbrlm));
- return 0;
-}
-
-static int
-change_admin_password(int argc, char **argv)
-{
- des_cblock newkey;
- int status;
- char pword[MAX_KPW_LEN];
- char *pw_msg;
-
- if (argc != 1) {
- printf("Usage: change_admin_password\n");
- return 0;
- }
- if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) {
- des_string_to_key(pword, &newkey);
- status = kadm_change_pw_plain(newkey, pword, &pw_msg);
- if(status == KADM_INSECURE_PW)
- printf("Insecure password: %s\n", pw_msg);
- else if (status == KADM_SUCCESS)
- printf("Admin password changed\n");
- else
- printf("kadm error: %s\n",error_message(status));
- memset(newkey, 0, sizeof(newkey));
- memset(pword, 0, sizeof(pword));
- }
- if (!multiple)
- clean_up();
- return 0;
-}
-
-static int
-add_new_key(int argc, char **argv)
-{
- Kadm_vals new;
- char pw_prompt[BUFSIZ];
- int status;
-
- if (argc != 2) {
- printf("Usage: add_new_key user_name.\n");
- return 0;
- }
- if (setvals(&new, argv[1]) != KADM_SUCCESS)
- return 0;
-
- SET_FIELD(KADM_EXPDATE,new.fields);
- SET_FIELD(KADM_ATTR,new.fields);
- SET_FIELD(KADM_MAXLIFE,new.fields);
- SET_FIELD(KADM_DESKEY,new.fields);
-
- if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) {
- Kadm_vals vals;
- u_char fields[4];
- char n[ANAME_SZ + INST_SZ + 1];
-
- /* get the admin's password */
- if (get_admin_password() != GOOD_PW)
- return 0;
-
- memset(fields, 0, sizeof(fields));
- SET_FIELD(KADM_NAME,fields);
- SET_FIELD(KADM_INST,fields);
- SET_FIELD(KADM_EXPDATE,fields);
- SET_FIELD(KADM_ATTR,fields);
- SET_FIELD(KADM_MAXLIFE,fields);
- snprintf (n, sizeof(n), "default.%s", new.instance);
- if (setvals(&vals, n) != KADM_SUCCESS)
- return 0;
-
- if (kadm_get(&vals, fields) != KADM_SUCCESS) {
- if (setvals(&vals, "default") != KADM_SUCCESS)
- return 0;
- if ((status = kadm_get(&vals, fields)) != KADM_SUCCESS) {
- printf ("kadm error: %s\n", error_message(status));
- return 0;
- }
- }
-
- if (vals.max_life == 255) /* Defaults not set! */ {
- /* This is the default maximum lifetime for new principals. */
- if (strcmp(new.instance, "admin") == 0)
- vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */
- else if (strcmp(new.instance, "root") == 0)
- vals.max_life = 96; /* 8 hours */
- else if (krb_life_to_time(0, 162) >= 24*60*60)
- vals.max_life = 162; /* ca 100 hours */
- else
- vals.max_life = 255; /* ca 21 hours (maximum) */
-
- /* Also fix expiration date. */
- if (strcmp(new.name, "rcmd") == 0)
- vals.exp_date = 1104814999; /* Tue Jan 4 06:03:19 2005 */
- else
- vals.exp_date = time(0) + 2*(365*24*60*60); /* + ca 2 years */
- }
-
- new.max_life = vals.max_life;
- new.exp_date = vals.exp_date;
- new.attributes = vals.attributes;
- get_maxlife(&new);
- get_attr(&new);
- get_expdate(&new);
-
- /* get the new password */
- snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", argv[1]);
-
- if (get_password(&new.key_low, &new.key_high,
- pw_prompt, SWAP) == GOOD_PW) {
- status = kadm_add(&new);
- if (status == KADM_SUCCESS) {
- printf("%s added to database.\n", argv[1]);
- } else {
- printf("kadm error: %s\n",error_message(status));
- }
- } else
- printf("Error reading password; %s not added\n",argv[1]);
- memset(&new, 0, sizeof(new));
- if (!multiple)
- clean_up();
- }
- else
- printf("kadmin: Principal already exists.\n");
- return 0;
-}
-
-static int
-del_entry(int argc, char **argv)
-{
- int status;
- Kadm_vals vals;
-
- if (argc != 2) {
- printf("Usage: del_entry username\n");
- return 0;
- }
-
- if (setvals(&vals, argv[1]) != KADM_SUCCESS)
- return 0;
-
- if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
- /* get the admin's password */
- if (get_admin_password() != GOOD_PW)
- return 0;
-
- if ((status = kadm_del(&vals)) == KADM_SUCCESS){
- printf("%s removed from database.\n", argv[1]);
- } else {
- printf("kadm error: %s\n",error_message(status));
- }
-
- if (!multiple)
- clean_up();
- }
- else
- printf("kadmin: Principal %s does not exist.\n",
- krb_unparse_name_long (vals.name, vals.instance, krbrlm));
- return 0;
-}
-
-static int
-get_entry(int argc, char **argv)
-{
- int status;
- u_char fields[4];
- Kadm_vals vals;
-
- if (argc != 2) {
- printf("Usage: get_entry username\n");
- return 0;
- }
-
- memset(fields, 0, sizeof(fields));
-
- SET_FIELD(KADM_NAME,fields);
- SET_FIELD(KADM_INST,fields);
- SET_FIELD(KADM_EXPDATE,fields);
- SET_FIELD(KADM_ATTR,fields);
- SET_FIELD(KADM_MAXLIFE,fields);
-#if 0
- SET_FIELD(KADM_DESKEY,fields);
-#endif
-
- if (setvals(&vals, argv[1]) != KADM_SUCCESS)
- return 0;
-
-
- if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
- /* get the admin's password */
- if (get_admin_password() != GOOD_PW)
- return 0;
-
- if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
- prin_vals(&vals);
- else
- printf("kadm error: %s\n",error_message(status));
-
- if (!multiple)
- clean_up();
- }
- else
- printf("kadmin: Principal %s does not exist.\n",
- krb_unparse_name_long (vals.name, vals.instance, krbrlm));
- return 0;
-}
-
-static int
-mod_entry(int argc, char **argv)
-{
- int status;
- u_char fields[4];
- Kadm_vals ovals, nvals;
-
- if (argc != 2) {
- printf("Usage: mod_entry username\n");
- return 0;
- }
-
- memset(fields, 0, sizeof(fields));
-
- SET_FIELD(KADM_NAME,fields);
- SET_FIELD(KADM_INST,fields);
- SET_FIELD(KADM_EXPDATE,fields);
- SET_FIELD(KADM_ATTR,fields);
- SET_FIELD(KADM_MAXLIFE,fields);
-
- if (setvals(&ovals, argv[1]) != KADM_SUCCESS)
- return 0;
-
- nvals = ovals;
-
- if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) {
- printf("kadmin: Principal %s does not exist.\n",
- krb_unparse_name_long (ovals.name, ovals.instance, krbrlm));
- return 0;
- }
-
- /* get the admin's password */
- if (get_admin_password() != GOOD_PW)
- return 0;
-
- if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
- printf("[ unable to retrieve current settings: %s ]\n",
- error_message(status));
- nvals.max_life = DEFAULT_TKT_LIFE;
- nvals.exp_date = 0;
- nvals.attributes = 0;
- } else {
- nvals.max_life = ovals.max_life;
- nvals.exp_date = ovals.exp_date;
- nvals.attributes = ovals.attributes;
- }
-
- get_maxlife(&nvals);
- get_attr(&nvals);
- get_expdate(&nvals);
-
- if (IS_FIELD(KADM_MAXLIFE, nvals.fields) ||
- IS_FIELD(KADM_ATTR, nvals.fields) ||
- IS_FIELD(KADM_EXPDATE, nvals.fields)) {
- if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) {
- printf("kadm error: %s\n",error_message(status));
- goto out;
- }
- if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
- printf("kadm error: %s\n",error_message(status));
- goto out;
- }
- }
- prin_vals(&ovals);
-
-out:
- if (!multiple)
- clean_up();
- return 0;
-}
-
-static int
-help(int argc, char **argv)
-{
- sl_help (cmds, argc, argv);
- return 0;
-}
diff --git a/kerberosIV/kadmin/new_pwd.c b/kerberosIV/kadmin/new_pwd.c
deleted file mode 100644
index 950fe42218c..00000000000
--- a/kerberosIV/kadmin/new_pwd.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* $OpenBSD: new_pwd.c,v 1.2 1998/02/18 11:53:46 art Exp $ */
-/* $KTH: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadm_locl.h"
-
-#ifdef NOENCRYPTION
-#define read_long_pw_string placebo_read_pw_string
-#else
-#define read_long_pw_string des_read_pw_string
-#endif
-
-static char *
-check_pw (char *pword)
-{
- if (strlen(pword) == 0)
- return "Null passwords are not allowed - Please enter a longer password.";
-
- if (strlen(pword) < MIN_KPW_LEN)
- return "Password is to short - Please enter a longer password.";
-
- /* Don't allow all lower case passwords regardless of length */
- {
- char *t;
- for (t = pword; *t && islower(*t); t++)
- ;
- if (*t == 0)
- return "Please don't use an all-lower case password.\n"
- "\tUnusual capitalization, delimiter characters or "
- "digits are suggested.";
- }
-
- return NULL;
-}
-
-int
-get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm)
-{
- char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
- char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
-
- char p[MAX_K_NAME_SZ];
-
- char local_realm[REALM_SZ];
- int status;
- char *expl;
-
- /*
- * We don't care about failure; this is to determine whether or
- * not to print the realm in the prompt for a new password.
- */
- krb_get_lrealm(local_realm, 1);
-
- if (strcmp(local_realm, pr->realm))
- print_realm++;
-
- {
- char *q;
- krb_unparse_name_r(pr, p);
- if(print_realm == 0 && (q = strrchr(p, '@')))
- *q = 0;
- }
-
- snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p);
- if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) {
- fprintf(stderr, "Error reading old password.\n");
- return -1;
- }
-
- status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm,
- PWSERV_NAME, KADM_SINST, 1, pword);
- if (status != KSUCCESS) {
- if (status == INTK_BADPW) {
- printf("Incorrect old password.\n");
- return -1;
- }
- else {
- fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status));
- return -1;
- }
- }
- memset(pword, 0, pwlen);
-
- do {
- char verify[MAX_KPW_LEN];
- snprintf(npromp, sizeof(npromp), "New Password for %s:",p);
- if (read_long_pw_string(pword, pwlen-1, npromp, 0)) {
- fprintf(stderr,
- "Error reading new password, password unchanged.\n");
- return -1;
- }
- expl = check_pw (pword);
- if (expl) {
- printf("\n\t%s\n\n", expl);
- continue;
- }
- /* Now we got an ok password, verify it. */
- snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p);
- if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) {
- fprintf(stderr,
- "Error reading new password, password unchanged.\n");
- return -1;
- }
- if (strcmp(pword, verify) != 0) {
- printf("Verify failure - try again\n");
- expl = ""; /* continue */
- }
- } while (expl);
- return 0;
-}
diff --git a/kerberosIV/kadmin/sl.c b/kerberosIV/kadmin/sl.c
deleted file mode 100644
index 5ec5500406a..00000000000
--- a/kerberosIV/kadmin/sl.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* $OpenBSD: sl.c,v 1.3 1998/08/16 02:42:07 art Exp $ */
-/* $KTH: sl.c,v 1.15 1997/10/19 23:12:40 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "sl_locl.h"
-
-static SL_cmd *
-sl_match (SL_cmd *cmds, char *cmd, int exactp)
-{
- SL_cmd *c, *current = NULL, *partial_cmd = NULL;
- int partial_match = 0;
-
- for (c = cmds; c->name; ++c) {
- if (c->func)
- current = c;
- if (strcmp (cmd, c->name) == 0)
- return current;
- else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
- partial_cmd != current) {
- ++partial_match;
- partial_cmd = current;
- }
- }
- if (partial_match == 1 && !exactp)
- return partial_cmd;
- else
- return NULL;
-}
-
-void
-sl_help (SL_cmd *cmds, int argc, char **argv)
-{
- SL_cmd *c, *prev_c;
-
- if (argc == 1) {
- prev_c = NULL;
- for (c = cmds; c->name; ++c) {
- if (c->func) {
- if(prev_c)
- printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
- prev_c->usage ? "\n" : "");
- prev_c = c;
- printf ("%s", c->name);
- } else
- printf (", %s", c->name);
- }
- if(prev_c)
- printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
- prev_c->usage ? "\n" : "");
- } else {
- c = sl_match (cmds, argv[1], 0);
- if (c == NULL)
- printf ("No such command: %s. "
- "Try \"help\" for a list of all commands\n",
- argv[1]);
- else {
- printf ("%s\t%s", c->name, c->usage);
- if(c->help && *c->help)
- printf ("%s\n", c->help);
- if((++c)->name && c->func == NULL) {
- printf ("\nSynonyms:");
- while (c->name && c->func == NULL)
- printf ("\t%s", (c++)->name);
- }
- printf ("\n");
- }
- }
-}
-
-static char *
-readline(char *prompt)
-{
- char buf[BUFSIZ];
- printf ("%s", prompt);
- fflush (stdout);
- if(fgets(buf, sizeof(buf), stdin) == NULL)
- return NULL;
- if (buf[strlen(buf) - 1] == '\n')
- buf[strlen(buf) - 1] = '\0';
- return strdup(buf);
-}
-
-static void
-add_history(char *p)
-{
-}
-
-int
-sl_command(SL_cmd *cmds, int argc, char **argv)
-{
- SL_cmd *c;
- c = sl_match (cmds, argv[0], 0);
- if (c == NULL)
- return -1;
- return (*c->func)(argc, argv);
-}
-
-int
-sl_loop (SL_cmd *cmds, char *prompt)
-{
- unsigned max_count;
- char **ptr;
- int ret;
-
- max_count = 17;
- ptr = malloc(max_count * sizeof(*ptr));
- if (ptr == NULL) {
- printf ("sl_loop: failed to allocate %u bytes of memory\n",
- (int) max_count * sizeof(*ptr));
- return -1;
- }
-
- for (;;) {
- char *buf;
- unsigned count;
- SL_cmd *c;
-
- ret = 0;
- buf = readline(prompt);
- if(buf == NULL)
- break;
-
- if(*buf)
- add_history(buf);
- count = 0;
- {
- char *foo = NULL;
- char *p;
-
- for(p = strtok_r (buf, " \t", &foo);
- p;
- p = strtok_r (NULL, " \t", &foo)) {
- if(count == max_count) {
- char **temp;
-
- max_count *= 2;
- temp = realloc (ptr, max_count * sizeof(*ptr));
- if (temp == NULL) {
- printf ("sl_loop: failed to allocate %u "
- "bytes of memory\n",
- (unsigned) max_count * sizeof(*ptr));
-
- free(ptr);
- return -1;
- }
- ptr = temp;
- }
- ptr[count++] = p;
- }
- }
- if (count > 0) {
- c = sl_match (cmds, ptr[0], 0);
- if (c) {
- ret = (*c->func)(count, ptr);
- if (ret != 0) {
- free (buf);
- buf = NULL;
- break;
- }
- } else
- printf ("Unrecognized command: %s\n", ptr[0]);
- }
- free(buf);
- buf = NULL;
- }
- free (ptr);
- ptr = NULL;
- return 0;
-}
diff --git a/kerberosIV/kadmind/Makefile b/kerberosIV/kadmind/Makefile
deleted file mode 100644
index 6588bd72fb6..00000000000
--- a/kerberosIV/kadmind/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-# $OpenBSD: Makefile,v 1.8 1998/04/26 22:33:25 art Exp $
-
-.include <bsd.obj.mk>
-
-PROG= kadmind
-SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c pw_check.c
-
-.if exists(${.CURDIR}/../kadm/${__objdir})
-CFLAGS+=-I${.CURDIR}/../kadm/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../kadm
-.endif
-
-.if exists(${.CURDIR}/../krb/${__objdir})
-CFLAGS+=-I${.CURDIR}/../krb/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../krb
-.endif
-
-LDADD+= -lkadm -lkdb -lkrb -ldes -lacl -lcom_err
-DPADD= ${LIBKADM} ${LIBKDB} ${LIBKRB} ${LIBDES} ${LIBACL} ${LIBCOM_ERR}
-MAN= kadmind.8
-BINDIR=/usr/libexec
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kadmind/admin_server.c b/kerberosIV/kadmind/admin_server.c
deleted file mode 100644
index 8c50c24c536..00000000000
--- a/kerberosIV/kadmind/admin_server.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/* $OpenBSD: admin_server.c,v 1.5 1999/05/23 17:19:24 aaron Exp $ */
-/* $KTH: admin_server.c,v 1.42 1997/12/04 19:31:39 assar Exp $ */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Top-level loop of the kerberos Administration server
- */
-
-/*
- admin_server.c
- this holds the main loop and initialization and cleanup code for the server
-*/
-
-#include "kadm_locl.h"
-
-/* Almost all procs and such need this, so it is global */
-admin_params prm; /* The command line parameters struct */
-
-/* GLOBAL */
-char *acldir = DEFAULT_ACL_DIR;
-static char krbrlm[REALM_SZ];
-
-static unsigned pidarraysize = 0;
-static int *pidarray = (int *)0;
-
-static int exit_now = 0;
-
-void
-doexit(int sig)
-{
- exit_now = 1;
- return;
-}
-
-void
-do_child(int sig)
-{
- int pid;
- int i, j;
-
- int status;
-
- pid = wait(&status);
-
- /* Reinstall signal handlers for SysV. Must be done *after* wait */
- signal(SIGCHLD, do_child);
-
- for (i = 0; i < pidarraysize; i++)
- if (pidarray[i] == pid) {
- /* found it */
- for (j = i; j < pidarraysize-1; j++)
- /* copy others down */
- pidarray[j] = pidarray[j+1];
- pidarraysize--;
- if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
- || WIFSIGNALED(status))
- krb_log("child %d: termsig %d, retcode %d", pid,
- WTERMSIG(status), WEXITSTATUS(status));
- return;
- }
- krb_log("child %d not in list: termsig %d, retcode %d", pid,
- WTERMSIG(status), WEXITSTATUS(status));
-}
-
-static void
-kill_children(void)
-{
- int i;
-
- for (i = 0; i < pidarraysize; i++) {
- kill(pidarray[i], SIGINT);
- krb_log("killing child %d", pidarray[i]);
- }
-}
-
-/* close the system log file */
-static void
-close_syslog(void)
-{
- krb_log("Shutting down admin server");
-}
-
-static void
-byebye(void) /* say goodnight gracie */
-{
- printf("Admin Server (kadm server) has completed operation.\n");
-}
-
-static void
-clear_secrets(void)
-{
- memset(server_parm.master_key, 0, sizeof(server_parm.master_key));
- memset(server_parm.master_key_schedule, 0,
- sizeof(server_parm.master_key_schedule));
- server_parm.master_key_version = 0L;
-}
-
-#ifdef DEBUG
-#define cleanexit(code) {kerb_fini(); return;}
-#endif
-
-#ifndef DEBUG
-static void
-cleanexit(int val)
-{
- kerb_fini();
- clear_secrets();
- exit(val);
-}
-#endif
-
-static void
-process_client(int fd, struct sockaddr_in *who)
-{
- u_char *dat;
- int dat_len;
- u_short dlen;
- int retval;
- int on = 1;
- Principal service;
- des_cblock skey;
- int more;
- int status;
-
- if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0)
- krb_log("setsockopt keepalive: %d",errno);
-
- server_parm.recv_addr = *who;
-
- if (kerb_init()) { /* Open as client */
- krb_log("can't open krb db");
- cleanexit(1);
- }
- /* need to set service key to changepw.KRB_MASTER */
-
- status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
- 1, &more);
- if (status == -1) {
- /* db locked */
- int32_t retcode = KADM_DB_INUSE;
- char *pdat;
-
- dat_len = KADM_VERSIZE + sizeof(retcode);
- dat = (u_char *) malloc((unsigned)dat_len);
- pdat = (char *) dat;
- retcode = htonl((u_int32_t) KADM_DB_INUSE);
- strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
- memcpy(pdat+KADM_VERSIZE, &retcode, sizeof(retcode));
- goto out;
- } else if (!status) {
- krb_log("no service %s.%s",server_parm.sname, server_parm.sinst);
- cleanexit(2);
- }
-
- copy_to_key(&service.key_low, &service.key_high, skey);
- memset(&service, 0, sizeof(service));
- kdb_encrypt_key (&skey, &skey, &server_parm.master_key,
- server_parm.master_key_schedule, DES_DECRYPT);
- krb_set_key(skey, 0); /* if error, will show up when
- rd_req fails */
- memset(skey, 0, sizeof(skey));
-
- while (1) {
- if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) !=
- sizeof(u_short)) {
- if (retval < 0)
- krb_log("dlen read: %s",error_message(errno));
- else if (retval)
- krb_log("short dlen read: %d",retval);
- close(fd);
- cleanexit(retval ? 3 : 0);
- }
- if (exit_now) {
- cleanexit(0);
- }
- dat_len = ntohs(dlen);
- dat = (u_char *) malloc(dat_len);
- if (!dat) {
- krb_log("malloc: No memory");
- close(fd);
- cleanexit(4);
- }
- if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) {
- if (retval < 0)
- krb_log("data read: %s",error_message(errno));
- else
- krb_log("short read: %d vs. %d", dat_len, retval);
- close(fd);
- cleanexit(5);
- }
- if (exit_now) {
- cleanexit(0);
- }
- if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
- krb_log("processing request: %s", error_message(retval));
-
- /* kadm_ser_in did the processing and returned stuff in
- dat & dat_len , return the appropriate data */
-
- out:
- dlen = htons(dat_len);
-
- if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) {
- krb_log("writing dlen to client: %s",error_message(errno));
- close(fd);
- cleanexit(6);
- }
-
- if (krb_net_write(fd, dat, dat_len) < 0) {
- krb_log("writing to client: %s", error_message(errno));
- close(fd);
- cleanexit(7);
- }
- free(dat);
- }
- /*NOTREACHED*/
-}
-
-/*
-kadm_listen
-listen on the admin servers port for a request
-*/
-static int
-kadm_listen(void)
-{
- int found;
- int admin_fd;
- int peer_fd;
- fd_set mask, readfds;
- struct sockaddr_in peer;
- int addrlen;
- int pid;
- int *temp;
-
- signal(SIGINT, doexit);
- signal(SIGTERM, doexit);
- signal(SIGHUP, doexit);
- signal(SIGQUIT, doexit);
- signal(SIGPIPE, SIG_IGN); /* get errors on write() */
- signal(SIGALRM, doexit);
- signal(SIGCHLD, do_child);
- if (setsid() < 0)
- krb_log("setsid() failed");
-
- if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
- return KADM_NO_SOCK;
- {
- int one=1;
- setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
- sizeof(one));
- }
- if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
- sizeof(struct sockaddr_in)) < 0)
- return KADM_NO_BIND;
- listen(admin_fd, 1);
- FD_ZERO(&mask);
- FD_SET(admin_fd, &mask);
-
- for (;;) { /* loop nearly forever */
- if (exit_now) {
- clear_secrets();
- kill_children();
- return(0);
- }
- readfds = mask;
- if ((found = select(admin_fd+1, &readfds, 0,
- 0, (struct timeval *)0)) == 0)
- continue; /* no things read */
- if (found < 0) {
- if (errno != EINTR)
- krb_log("select: %s",error_message(errno));
- continue;
- }
- if (FD_ISSET(admin_fd, &readfds)) {
- /* accept the conn */
- addrlen = sizeof(peer);
- if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
- &addrlen)) < 0) {
- krb_log("accept: %s",error_message(errno));
- continue;
- }
-#ifndef DEBUG
- /* grow the pidarray before forking, so we can catch the errors */
- temp = realloc(pidarray, ++pidarraysize);
- if (temp == NULL) {
- krb_log("realloc: %s", error_message(errno));
- close(peer_fd);
- continue;
- }
- pidarray = temp;
- /* if you want a sep daemon for each server */
- if ((pid = fork())) {
- /* parent */
- if (pid < 0) {
- krb_log("fork: %s",error_message(errno));
- close(peer_fd);
- continue;
- }
- /* fork succeded: keep tabs on child */
- close(peer_fd);
- pidarray[pidarraysize-1] = pid;
- } else {
- /* child */
- close(admin_fd);
-#endif /* DEBUG */
- /*
- * If we are multihomed we need to figure out which
- * local address that is used this time since it is
- * used in "direction" comparison.
- */
- getsockname(peer_fd,
- (struct sockaddr *)&server_parm.admin_addr,
- &addrlen);
- /* do stuff */
- process_client (peer_fd, &peer);
-#ifndef DEBUG
- }
-#endif
- } else {
- krb_log("something else woke me up!");
- return(0);
- }
- }
- /*NOTREACHED*/
-}
-
-/*
-** Main does the logical thing, it sets up the database and RPC interface,
-** as well as handling the creation and maintenance of the syslog file...
-*/
-int
-main(int argc, char **argv) /* admin_server main routine */
-{
- int errval;
- int c;
-
- umask(077); /* Create protected files */
-
- /* initialize the admin_params structure */
- prm.sysfile = KADM_SYSLOG; /* default file name */
- prm.inter = 0;
-
- memset(krbrlm, 0, sizeof(krbrlm));
-
- while ((c = getopt(argc, argv, "f:hmnd:a:r:")) != -1)
- switch(c) {
- case 'f': /* Syslog file name change */
- prm.sysfile = optarg;
- break;
- case 'n':
- prm.inter = 0;
- break;
- case 'm':
- prm.inter = 1;
- break;
- case 'a': /* new acl directory */
- acldir = optarg;
- break;
- case 'd':
- /* put code to deal with alt database place */
- if ((errval = kerb_db_set_name(optarg)))
- errx (1, "opening database %s: %s",
- optarg, error_message(errval));
- break;
- case 'r':
- strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
- krbrlm[sizeof(krbrlm) - 1] = '\0';
- break;
- case 'h': /* get help on using admin_server */
- default:
- errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir]");
- }
-
- if (krbrlm[0] == 0)
- if (krb_get_lrealm(krbrlm, 0) != KSUCCESS)
- errx (1, "Unable to get local realm. Fix krb.conf or use -r.");
-
- printf("KADM Server %s initializing\n",KADM_VERSTR);
- printf("Please do not use 'kill -9' to kill this job, use a\n");
- printf("regular kill instead\n\n");
-
- kset_logfile(prm.sysfile);
- krb_log("Admin server starting");
-
- kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
- errval = kerb_init(); /* Open the Kerberos database */
- if (errval) {
- warnx ("error: kerb_init() failed");
- close_syslog();
- byebye();
- }
- /* set up the server_parm struct */
- if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
- kerb_fini(); /* Close the Kerberos database--
- will re-open later */
- errval = kadm_listen(); /* listen for calls to server from
- clients */
- }
- if (errval != KADM_SUCCESS) {
- warnx("error: %s",error_message(errval));
- kerb_fini(); /* Close if error */
- }
- close_syslog(); /* Close syslog file, print
- closing note */
- byebye(); /* Say bye bye on the terminal
- in use */
- exit(1);
-} /* procedure main */
diff --git a/kerberosIV/kadmind/kadm_funcs.c b/kerberosIV/kadmind/kadm_funcs.c
deleted file mode 100644
index 3e1c45c1bda..00000000000
--- a/kerberosIV/kadmind/kadm_funcs.c
+++ /dev/null
@@ -1,451 +0,0 @@
-/* $OpenBSD: kadm_funcs.c,v 1.3 1997/12/15 17:56:21 art Exp $ */
-/* $KTH: kadm_funcs.c,v 1.16 1997/05/02 14:28:49 assar Exp $ */
-
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America is assumed
- to require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
-*/
-
-/*
- * Kerberos administration server-side database manipulation routines
- */
-
-/*
- * kadm_funcs.c
- * the actual database manipulation code
- */
-
-#include "kadm_locl.h"
-
-static int
-check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype)
-{
- char checkname[MAX_K_NAME_SZ];
- char filename[MAXPATHLEN];
-
- snprintf(checkname, sizeof(checkname), "%s.%s@%s", pname, pinst, prealm);
-
- switch (acltype) {
- case ADDACL:
- snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE);
- break;
- case GETACL:
- snprintf(filename, sizeof(filename), "%s%s", acldir, GET_ACL_FILE);
- break;
- case MODACL:
- snprintf(filename, sizeof(filename), "%s%s", acldir, MOD_ACL_FILE);
- break;
- case DELACL:
- snprintf(filename, sizeof(filename), "%s%s", acldir, DEL_ACL_FILE);
- break;
- default:
- krb_log("WARNING in check_access: default case in switch");
- return 0;
- }
- return(acl_check(filename, checkname));
-}
-
-static int
-wildcard(char *str)
-{
- if (!strcmp(str, WILDCARD_STR))
- return(1);
- return(0);
-}
-
-static int
-fail(int code, char *oper, char *princ)
-{
- krb_log("ERROR: %s: %s (%s)", oper, princ, error_message(code));
- return code;
-}
-
-#define failadd(code) { fail(code, "ADD", victim); return code; }
-#define faildelete(code) { fail(code, "DELETE", victim); return code; }
-#define failget(code) { fail(code, "GET", victim); return code; }
-#define failmod(code) { fail(code, "MOD", victim); return code; }
-#define failchange(code) { fail(code, "CHANGE", admin); return code; }
-
-int
-kadm_add_entry (char *rname, char *rinstance, char *rrealm,
- Kadm_vals *valsin, Kadm_vals *valsout)
-{
- long numfound; /* check how many we get written */
- int more; /* pointer to more grabbed records */
- Principal data_i, data_o; /* temporary principal */
- u_char flags[4];
- des_cblock newpw;
- Principal default_princ;
-
- char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
-
- strncpy(admin,
- krb_unparse_name_long(rname, rinstance, rrealm),
- MAX_K_NAME_SZ -1);
- admin[MAX_K_NAME_SZ -1] = '\0';
-
- strncpy(victim,
- krb_unparse_name_long(valsin->name, valsin->instance, NULL),
- MAX_K_NAME_SZ -1);
- victim[MAX_K_NAME_SZ -1] = '\0';
-
- krb_log("ADD: %s by %s", victim, admin);
-
- if (!check_access(rname, rinstance, rrealm, ADDACL)) {
- krb_log("WARNING: ADD: %s permission denied", admin);
- return KADM_UNAUTH;
- }
-
- /* Need to check here for "legal" name and instance */
- if (wildcard(valsin->name) || wildcard(valsin->instance)) {
- failadd(KADM_ILL_WILDCARD);
- }
-
- numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
- &default_princ, 1, &more);
- if (numfound == -1) {
- failadd(KADM_DB_INUSE);
- } else if (numfound != 1) {
- failadd(KADM_UK_RERROR);
- }
-
- kadm_vals_to_prin(valsin->fields, &data_i, valsin);
- strncpy(data_i.name, valsin->name, ANAME_SZ - 1);
- data_i.name[ANAME_SZ - 1] = '\0';
- strncpy(data_i.instance, valsin->instance, INST_SZ - 1);
- data_i.instance[INST_SZ - 1] = '\0';
-
- if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
- data_i.exp_date = default_princ.exp_date;
- if (!IS_FIELD(KADM_ATTR,valsin->fields))
- data_i.attributes = default_princ.attributes;
- if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
- data_i.max_life = default_princ.max_life;
-
- memset(&default_princ, 0, sizeof(default_princ));
-
- /* convert to host order */
- data_i.key_low = ntohl(data_i.key_low);
- data_i.key_high = ntohl(data_i.key_high);
-
-
- copy_to_key(&data_i.key_low, &data_i.key_high, newpw);
-
- /* encrypt new key in master key */
- kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key,
- server_parm.master_key_schedule, DES_ENCRYPT);
- copy_from_key(newpw, &data_i.key_low, &data_i.key_high);
- memset(newpw, 0, sizeof(newpw));
-
- data_o = data_i;
- numfound = kerb_get_principal(valsin->name, valsin->instance,
- &data_o, 1, &more);
- if (numfound == -1) {
- failadd(KADM_DB_INUSE);
- } else if (numfound) {
- failadd(KADM_INUSE);
- } else {
- data_i.key_version++;
- data_i.kdc_key_ver = server_parm.master_key_version;
- strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name) - 1);
- data_i.mod_name[sizeof(data_i.mod_name) - 1] = '\0';
- strncpy(data_i.mod_instance, rinstance,
- sizeof(data_i.mod_instance) - 1);
- data_i.mod_instance[sizeof(data_i.mod_instance - 1)] = '\0';
-
- numfound = kerb_put_principal(&data_i, 1);
- if (numfound == -1) {
- failadd(KADM_DB_INUSE);
- } else if (numfound) {
- failadd(KADM_UK_SERROR);
- } else {
- numfound = kerb_get_principal(valsin->name, valsin->instance,
- &data_o, 1, &more);
- if ((numfound!=1) || (more!=0)) {
- failadd(KADM_UK_RERROR);
- }
- memset(flags, 0, sizeof(flags));
- SET_FIELD(KADM_NAME,flags);
- SET_FIELD(KADM_INST,flags);
- SET_FIELD(KADM_EXPDATE,flags);
- SET_FIELD(KADM_ATTR,flags);
- SET_FIELD(KADM_MAXLIFE,flags);
- kadm_prin_to_vals(flags, valsout, &data_o);
- krb_log("ADD: %s added", victim);
- return KADM_DATA; /* Set all the appropriate fields */
- }
- }
-}
-
-int
-kadm_delete_entry (char *rname, char *rinstance, char *rrealm,
- Kadm_vals *valsin)
-{
- int ret;
-
- char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
-
- strncpy(admin,
- krb_unparse_name_long(rname, rinstance, rrealm),
- MAX_K_NAME_SZ - 1);
- admin[MAX_K_NAME_SZ - 1] = '\0';
- strncpy(victim,
- krb_unparse_name_long(valsin->name, valsin->instance, NULL),
- MAX_K_NAME_SZ - 1);
- victim[MAX_K_NAME_SZ - 1] = '\0';
-
- krb_log("DELETE: %s by %s", victim, admin);
-
- if (!check_access(rname, rinstance, rrealm, DELACL)) {
- krb_log("WARNING: DELETE: %s permission denied", admin);
- return KADM_UNAUTH;
- }
-
- /* Need to check here for "legal" name and instance */
- if (wildcard(valsin->name) || wildcard(valsin->instance)) {
- faildelete(KADM_ILL_WILDCARD);
- }
-
-#define EQ(V,N,I) (strcmp((V)->name, (N)) == 0 && strcmp((V)->instance, (I)) == 0)
-
- if(EQ(valsin, PWSERV_NAME, KRB_MASTER) ||
- EQ(valsin, "K", "M") ||
- EQ(valsin, "default", "") ||
- EQ(valsin, KRB_TICKET_GRANTING_TICKET, server_parm.krbrlm)){
- krb_log("WARNING: DELETE: %s is immutable", victim);
- return KADM_IMMUTABLE; /* XXX */
- }
-
- ret = kerb_delete_principal(valsin->name, valsin->instance);
- if(ret == -1)
- return KADM_DB_INUSE; /* XXX */
- krb_log("DELETE: %s removed.", victim);
- return KADM_SUCCESS;
-}
-
-
-int
-kadm_get_entry (char *rname, char *rinstance, char *rrealm,
- Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout)
-{
- long numfound; /* check how many were returned */
- int more; /* To point to more name.instances */
- Principal data_o; /* Data object to hold Principal */
-
- char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
-
- strncpy(admin,
- krb_unparse_name_long(rname, rinstance, rrealm),
- MAX_K_NAME_SZ - 1);
- admin[MAX_K_NAME_SZ - 1] = '\0';
- strncpy(victim,
- krb_unparse_name_long(valsin->name, valsin->instance, NULL),
- MAX_K_NAME_SZ - 1);
- victim[MAX_K_NAME_SZ - 1] = '\0';
-
- krb_log("GET: %s by %s", victim, admin);
-
- if (!check_access(rname, rinstance, rrealm, GETACL)) {
- krb_log("WARNING: GET: %s permission denied", admin);
- return KADM_UNAUTH;
- }
-
- if (wildcard(valsin->name) || wildcard(valsin->instance)) {
- failget(KADM_ILL_WILDCARD);
- }
-
- /* Look up the record in the database */
- numfound = kerb_get_principal(valsin->name, valsin->instance,
- &data_o, 1, &more);
- if (numfound == -1) {
- failget(KADM_DB_INUSE);
- } else if (numfound) { /* We got the record, let's return it */
- kadm_prin_to_vals(flags, valsout, &data_o);
- krb_log("GET: %s retrieved", victim);
- return KADM_DATA; /* Set all the appropriate fields */
- } else {
- failget(KADM_NOENTRY); /* Else whimper and moan */
- }
-}
-
-int
-kadm_mod_entry (char *rname, char *rinstance, char *rrealm,
- Kadm_vals *valsin, Kadm_vals *valsin2, Kadm_vals *valsout)
-{
- long numfound;
- int more;
- Principal data_o, temp_key;
- u_char fields[4];
- des_cblock newpw;
-
- char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
-
- strncpy(admin,
- krb_unparse_name_long(rname, rinstance, rrealm),
- MAX_K_NAME_SZ - 1);
- admin[MAX_K_NAME_SZ - 1] = '\0';
- strncpy(victim,
- krb_unparse_name_long(valsin->name, valsin->instance, NULL),
- MAX_K_NAME_SZ - 1);
- victim[MAX_K_NAME_SZ - 1] = '\0';
-
-
- krb_log("MOD: %s by %s", victim, admin);
-
- if (wildcard(valsin->name) || wildcard(valsin->instance)) {
- failmod(KADM_ILL_WILDCARD);
- }
-
- if (!check_access(rname, rinstance, rrealm, MODACL)) {
- krb_log("WARNING: MOD: %s permission denied", admin);
- return KADM_UNAUTH;
- }
-
- numfound = kerb_get_principal(valsin->name, valsin->instance,
- &data_o, 1, &more);
- if (numfound == -1) {
- failmod(KADM_DB_INUSE);
- } else if (numfound) {
- kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
- strncpy(data_o.name, valsin->name, ANAME_SZ - 1);
- data_o.name[ANAME_SZ - 1] = '\0';
- strncpy(data_o.instance, valsin->instance, INST_SZ - 1);
- data_o.instance[INST_SZ - 1] = '\0';
- if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
- data_o.exp_date = temp_key.exp_date;
- if (IS_FIELD(KADM_ATTR,valsin2->fields))
- data_o.attributes = temp_key.attributes;
- if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
- data_o.max_life = temp_key.max_life;
- if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
- data_o.key_version++;
- data_o.kdc_key_ver = server_parm.master_key_version;
-
-
- /* convert to host order */
- temp_key.key_low = ntohl(temp_key.key_low);
- temp_key.key_high = ntohl(temp_key.key_high);
-
-
- copy_to_key(&temp_key.key_low, &temp_key.key_high, newpw);
-
- /* encrypt new key in master key */
- kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key,
- server_parm.master_key_schedule, DES_ENCRYPT);
- copy_from_key(newpw, &data_o.key_low, &data_o.key_high);
- memset(newpw, 0, sizeof(newpw));
- }
- memset(&temp_key, 0, sizeof(temp_key));
-
- strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
- data_o.mod_name[sizeof(data_o.mod_name) - 1] = '\0';
- strncpy(data_o.mod_instance, rinstance,
- sizeof(data_o.mod_instance)-1);
- data_o.mod_instance[sizeof(data_o.mod_instance) - 1] = '\0';
- more = kerb_put_principal(&data_o, 1);
-
- memset(&data_o, 0, sizeof(data_o));
-
- if (more == -1) {
- failmod(KADM_DB_INUSE);
- } else if (more) {
- failmod(KADM_UK_SERROR);
- } else {
- numfound = kerb_get_principal(valsin->name, valsin->instance,
- &data_o, 1, &more);
- if ((more!=0)||(numfound!=1)) {
- failmod(KADM_UK_RERROR);
- }
- memset(fields, 0, sizeof(fields));
- SET_FIELD(KADM_NAME,fields);
- SET_FIELD(KADM_INST,fields);
- SET_FIELD(KADM_EXPDATE,fields);
- SET_FIELD(KADM_ATTR,fields);
- SET_FIELD(KADM_MAXLIFE,fields);
- kadm_prin_to_vals(fields, valsout, &data_o);
- krb_log("MOD: %s modified", victim);
- return KADM_DATA; /* Set all the appropriate fields */
- }
- }
- else {
- failmod(KADM_NOENTRY);
- }
-}
-
-int
-kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw)
-{
- long numfound;
- int more;
- Principal data_o;
- des_cblock local_pw;
-
- char admin[MAX_K_NAME_SZ];
-
- strncpy(admin,
- krb_unparse_name_long(rname, rinstance, rrealm),
- MAX_K_NAME_SZ - 1);
- admin[MAX_K_NAME_SZ - 1] = '\0';
-
- krb_log("CHANGE: %s", admin);
-
- if (strcmp(server_parm.krbrlm, rrealm)) {
- krb_log("ERROR: CHANGE: request from wrong realm %s", rrealm);
- return(KADM_WRONG_REALM);
- }
-
- if (wildcard(rname) || wildcard(rinstance)) {
- failchange(KADM_ILL_WILDCARD);
- }
-
- memcpy(local_pw, newpw, sizeof(local_pw));
-
- /* encrypt new key in master key */
- kdb_encrypt_key (&local_pw, &local_pw, &server_parm.master_key,
- server_parm.master_key_schedule, DES_ENCRYPT);
-
- numfound = kerb_get_principal(rname, rinstance,
- &data_o, 1, &more);
- if (numfound == -1) {
- failchange(KADM_DB_INUSE);
- } else if (numfound) {
- copy_from_key(local_pw, &data_o.key_low, &data_o.key_high);
- data_o.key_version++;
- data_o.kdc_key_ver = server_parm.master_key_version;
- strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
- data_o.mod_name[sizeof(data_o.mod_name) - 1] = '\0';
- strncpy(data_o.mod_instance, rinstance,
- sizeof(data_o.mod_instance)-1);
- data_o.mod_instance[sizeof(data_o.mod_instance) - 1] = '\0';
- more = kerb_put_principal(&data_o, 1);
- memset(local_pw, 0, sizeof(local_pw));
- memset(&data_o, 0, sizeof(data_o));
- if (more == -1) {
- failchange(KADM_DB_INUSE);
- } else if (more) {
- failchange(KADM_UK_SERROR);
- } else {
- krb_log("CHANGE: %s's password changed", admin);
- return KADM_SUCCESS;
- }
- }
- else {
- failchange(KADM_NOENTRY);
- }
-}
diff --git a/kerberosIV/kadmind/kadm_ser_wrap.c b/kerberosIV/kadmind/kadm_ser_wrap.c
deleted file mode 100644
index 62064699dc8..00000000000
--- a/kerberosIV/kadmind/kadm_ser_wrap.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* $OpenBSD: kadm_ser_wrap.c,v 1.5 1997/12/15 17:56:22 art Exp $ */
-/* $KTH: kadm_ser_wrap.c,v 1.21 1997/12/05 01:27:29 assar Exp $ */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Kerberos administration server-side support functions
- */
-
-/*
- * kadm_ser_wrap.c
- * unwraps wrapped packets and calls the appropriate server subroutine
- */
-
-#include "kadm_locl.h"
-
-/* GLOBAL */
-Kadm_Server server_parm;
-
-/*
- * kadm_ser_init
- * set up the server_parm structure
- */
-int
-kadm_ser_init(int inter, char *realm)
- /* interactive or from file */
-
-{
- struct hostent *hp;
- char hostname[MAXHOSTNAMELEN];
-
- init_kadm_err_tbl();
- init_krb_err_tbl();
- if (gethostname(hostname, sizeof(hostname)))
- return KADM_NO_HOSTNAME;
-
- strncpy(server_parm.sname, PWSERV_NAME, ANAME_SZ - 1);
- server_parm.sname[ANAME_SZ - 1] = '\0';
- strncpy(server_parm.sinst, KRB_MASTER, INST_SZ - 1);
- server_parm.sinst[INST_SZ - 1] = '\0';
- strncpy(server_parm.krbrlm, realm, REALM_SZ - 1);
- server_parm.krbrlm[REALM_SZ - 1] = '\0';
-
- server_parm.admin_fd = -1;
- /* setting up the addrs */
- memset(&server_parm.admin_addr,0, sizeof(server_parm.admin_addr));
-
- server_parm.admin_addr.sin_port = k_getportbyname (KADM_SNAME,
- "tcp",
- htons(751));
- server_parm.admin_addr.sin_family = AF_INET;
- if ((hp = gethostbyname(hostname)) == NULL)
- return KADM_NO_HOSTNAME;
- server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
- /* setting up the database */
- if (kdb_get_master_key((inter==1), &server_parm.master_key,
- server_parm.master_key_schedule) != 0)
- return KADM_NO_MAST;
- if ((server_parm.master_key_version =
- kdb_verify_master_key(&server_parm.master_key,
- server_parm.master_key_schedule,stderr))<0)
- return KADM_NO_VERI;
- return KADM_SUCCESS;
-}
-
-static void errpkt(u_char **dat, int *dat_len, int code)
-{
- u_int32_t retcode;
- char *pdat;
-
- free(*dat); /* free up req */
- *dat_len = KADM_VERSIZE + sizeof(u_int32_t);
- *dat = (u_char *) malloc((unsigned)*dat_len);
- if (dat == NULL)
- return;
- pdat = (char *) *dat;
- retcode = htonl((u_int32_t) code);
- strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
- memcpy(&pdat[KADM_VERSIZE], &retcode, sizeof(u_int32_t));
- return;
-}
-
-/*
- * kadm_ser_in
- * unwrap the data stored in dat, process, and return it.
- */
-
-int
-kadm_ser_in(u_char **dat, int *dat_len)
-{
- u_char *in_st; /* pointer into the sent packet */
- int in_len,retc; /* where in packet we are, for
- returns */
- u_int32_t r_len; /* length of the actual packet */
- KTEXT_ST authent; /* the authenticator */
- AUTH_DAT ad; /* who is this, klink */
- u_int32_t ncksum; /* checksum of encrypted data */
- des_key_schedule sess_sched; /* our schedule */
- MSG_DAT msg_st;
- u_char *retdat, *tmpdat;
- int retval, retlen;
-
- if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
- errpkt(dat, dat_len, KADM_BAD_VER);
- return KADM_BAD_VER;
- }
- in_len = KADM_VERSIZE;
- /* get the length */
- if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
- return KADM_LENGTH_ERROR;
- in_len += retc;
- authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
- authent.length = MIN( authent.length, MAX_KTXT_LEN );
- memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
- authent.mbz = 0;
- /* service key should be set before here */
- if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
- server_parm.recv_addr.sin_addr.s_addr, &ad, NULL)))
- {
- errpkt(dat, dat_len,retc + krb_err_base);
- return retc + krb_err_base;
- }
-
-#define clr_cli_secrets() {memset(sess_sched, 0, sizeof(sess_sched)); memset(ad.session, 0,sizeof(ad.session));}
-
- in_st = *dat + *dat_len - r_len;
-#ifdef NOENCRYPTION
- ncksum = 0;
-#else
- ncksum = des_quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, 0, &ad.session);
-#endif
- if (ncksum!=ad.checksum) { /* yow, are we correct yet */
- clr_cli_secrets();
- errpkt(dat, dat_len,KADM_BAD_CHK);
- return KADM_BAD_CHK;
- }
-#ifdef NOENCRYPTION
- memset(sess_sched, 0, sizeof(sess_sched));
-#else
- des_key_sched(&ad.session, sess_sched);
-#endif
- if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session,
- &server_parm.recv_addr,
- &server_parm.admin_addr, &msg_st))) {
- clr_cli_secrets();
- errpkt(dat, dat_len,retc + krb_err_base);
- return retc + krb_err_base;
- }
- switch (msg_st.app_data[0]) {
- case CHANGE_PW:
- retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length - 1,
- &ad, &retdat, &retlen);
- break;
- case ADD_ENT:
- retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length - 1,
- &ad, &retdat, &retlen);
- break;
- case GET_ENT:
- retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length - 1,
- &ad, &retdat, &retlen);
- break;
- case MOD_ENT:
- retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length - 1,
- &ad, &retdat, &retlen);
- break;
- case DEL_ENT:
- retval = kadm_ser_delete(msg_st.app_data + 1, msg_st.app_length - 1,
- &ad, &retdat, &retlen);
- break;
- default:
- clr_cli_secrets();
- errpkt(dat, dat_len, KADM_NO_OPCODE);
- return KADM_NO_OPCODE;
- }
- /* Now seal the response back into a priv msg */
- free(*dat);
- *dat = NULL;
-
- tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
- sizeof(u_int32_t)));
- if (tmpdat == NULL) {
- clr_cli_secrets();
- return KADM_NOMEM;
- }
-
- strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
- retval = htonl((u_int32_t)retval);
- memcpy((char *)tmpdat + KADM_VERSIZE, &retval, sizeof(u_int32_t));
- if (retlen) {
- memcpy((char *)tmpdat + KADM_VERSIZE + sizeof(u_int32_t), retdat,
- retlen);
- free(retdat);
- retdat = NULL;
- }
- /* slop for mk_priv stuff */
- *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
- sizeof(u_int32_t) + 200));
- if (*dat == NULL) {
- free(tmpdat);
- tmpdat = NULL;
- clr_cli_secrets();
- return KADM_NOMEM;
- }
-
- if ((*dat_len = krb_mk_priv(tmpdat, *dat,
- (u_int32_t) (retlen + KADM_VERSIZE +
- sizeof(u_int32_t)),
- sess_sched,
- &ad.session, &server_parm.admin_addr,
- &server_parm.recv_addr)) < 0) {
- clr_cli_secrets();
- errpkt(dat, dat_len, KADM_NO_ENCRYPT);
- return KADM_NO_ENCRYPT;
- }
- clr_cli_secrets();
- return KADM_SUCCESS;
-}
diff --git a/kerberosIV/kadmind/kadm_server.c b/kerberosIV/kadmind/kadm_server.c
deleted file mode 100644
index a18c2398a39..00000000000
--- a/kerberosIV/kadmind/kadm_server.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* $OpenBSD: kadm_server.c,v 1.2 1997/12/15 17:56:22 art Exp $ */
-/* $KTH: kadm_server.c,v 1.9 1997/05/02 10:29:08 joda Exp $ */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Kerberos administration server-side subroutines
- */
-
-#include "kadm_locl.h"
-
-/*
- *kadm_ser_cpw - the server side of the change_password routine
- * recieves : KTEXT, {key}
- * returns : CKSUM, RETCODE
- * acl : caller can change only own password
- *
- * Replaces the password (i.e. des key) of the caller with that specified in
- * key. Returns no actual data from the master server, since this is called
- * by a user
- */
-int
-kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
-{
- u_int32_t keylow, keyhigh;
- des_cblock newkey;
- int status;
- int stvlen=0;
- char *pw_msg;
- char pword[MAX_KPW_LEN];
- char *strings[4];
-
- /* take key off the stream, and change the database */
-
- if ((status = stv_long(dat, &keyhigh, 0, len)) < 0)
- return(KADM_LENGTH_ERROR);
- stvlen=status;
- if ((status = stv_long(dat, &keylow, stvlen, len)) < 0)
- return(KADM_LENGTH_ERROR);
- stvlen+=status;
-
- if((status = stv_string(dat, pword, stvlen, sizeof(pword), len))<0)
- pword[0]=0;
-
- keylow = ntohl(keylow);
- keyhigh = ntohl(keyhigh);
- memcpy(((char *)newkey) + 4, &keyhigh, 4);
- memcpy(newkey, &keylow, 4);
-
- strings[0] = ad->pname;
- strings[1] = ad->pinst;
- strings[2] = ad->prealm;
- strings[3] = NULL;
- status = kadm_pw_check(pword, &newkey, &pw_msg, strings);
-
- memset(pword, 0, sizeof(pword));
- memset(dat, 0, len);
-
- if(status != KADM_SUCCESS){
- *datout=malloc(0);
- *outlen=vts_string(pw_msg, datout, 0);
- return status;
- }
- *datout=0;
- *outlen=0;
-
- return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
-}
-
-
-/*
- * kadm_ser_add - the server side of the add_entry routine
- * recieves : KTEXT, {values}
- * returns : CKSUM, RETCODE, {values}
- * acl : su, sms (as alloc)
- *
- * Adds and entry containing values to the database
- * returns the values of the entry, so if you leave certain fields blank
- * you will be able to determine the default values they are set to
- *
- */
-int
-kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
-{
- Kadm_vals values, retvals;
- long status;
-
- if ((status = stream_to_vals(dat, &values, len)) < 0)
- return(KADM_LENGTH_ERROR);
- if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
- &values, &retvals)) == KADM_DATA) {
- *outlen = vals_to_stream(&retvals,datout);
- return KADM_SUCCESS;
- } else {
- *outlen = 0;
- return status;
- }
-}
-
-/*
- * kadm_ser_mod - the server side of the mod_entry routine
- * recieves : KTEXT, {values, values}
- * returns : CKSUM, RETCODE, {values}
- * acl : su, sms (as register or dealloc)
- *
- * Modifies all entries corresponding to the first values so they match the
- * second values.
- * returns the values for the changed entries
- */
-int
-kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
-{
- Kadm_vals vals1, vals2, retvals;
- int wh;
- long status;
-
- if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
- return KADM_LENGTH_ERROR;
- if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
- return KADM_LENGTH_ERROR;
- if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
- &vals2, &retvals)) == KADM_DATA) {
- *outlen = vals_to_stream(&retvals,datout);
- return KADM_SUCCESS;
- } else {
- *outlen = 0;
- return status;
- }
-}
-
-int
-kadm_ser_delete(u_char *dat, int len, AUTH_DAT *ad,
- u_char **datout, int *outlen)
-{
- Kadm_vals values;
- int wh;
- int status;
-
- if((wh = stream_to_vals(dat, &values, len)) < 0)
- return KADM_LENGTH_ERROR;
- if(wh != len)
- return KADM_LENGTH_ERROR;
- status = kadm_delete_entry(ad->pname, ad->pinst, ad->prealm,
- &values);
- *outlen = 0;
- return status;
-}
-
-/*
- * kadm_ser_get
- * recieves : KTEXT, {values, flags}
- * returns : CKSUM, RETCODE, {count, values, values, values}
- * acl : su
- *
- * gets the fields requested by flags from all entries matching values
- * returns this data for each matching recipient, after a count of how many
- * such matches there were
- */
-int
-kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen)
-{
- Kadm_vals values, retvals;
- u_char fl[FLDSZ];
- int loop,wh;
- long status;
-
- if ((wh = stream_to_vals(dat, &values, len)) < 0)
- return KADM_LENGTH_ERROR;
- if (wh + FLDSZ > len)
- return KADM_LENGTH_ERROR;
- for (loop=FLDSZ-1; loop>=0; loop--)
- fl[loop] = dat[wh++];
- if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
- &values, fl, &retvals)) == KADM_DATA) {
- *outlen = vals_to_stream(&retvals,datout);
- return KADM_SUCCESS;
- } else {
- *outlen = 0;
- return status;
- }
-}
-
diff --git a/kerberosIV/kadmind/kadmind.8 b/kerberosIV/kadmind/kadmind.8
deleted file mode 100644
index a694a88a57e..00000000000
--- a/kerberosIV/kadmind/kadmind.8
+++ /dev/null
@@ -1,126 +0,0 @@
-.\" Copyright 1987, 1988, 1989 by the Student Information Processing Board
-.\" of the Massachusetts Institute of Technology
-.\"
-.\" Permission to use, copy, modify, and distribute this software
-.\" and its documentation for any purpose and without fee is
-.\" hereby granted, provided that the above copyright notice
-.\" appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation,
-.\" and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
-.\" used in advertising or publicity pertaining to distribution
-.\" of the software without specific, written prior permission.
-.\" M.I.T. and the M.I.T. S.I.P.B. make no representations about
-.\" the suitability of this software for any purpose. It is
-.\" provided "as is" without express or implied warranty.
-.\"
-.\" $OpenBSD: kadmind.8,v 1.2 1997/05/30 03:11:20 gene Exp $
-.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kadmind \- Kerberos database administration daemon
-.SH SYNOPSIS
-.B kadmind
-[
-.B \-n
-] [
-.B \-h
-] [
-.B \-r realm
-] [
-.B \-f filename
-] [
-.B \-d dbname
-] [
-.B \-a acldir
-]
-.SH DESCRIPTION
-.I kadmind
-is the network database server for the Kerberos password-changing and
-administration tools.
-.PP
-Upon execution, it prompts the user to enter the master key string for
-the database.
-.PP
-If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-If the
-.B \-r
-.I realm
-option is specified, the admin server will pretend that its
-local realm is
-.I realm
-instead of the actual local realm of the host it is running on.
-This makes it possible to run a server for a foreign kerberos
-realm.
-.PP
-If the
-.B \-f
-.I filename
-option is specified, then that file is used to hold the log information
-instead of the default.
-.PP
-If the
-.B \-d
-.I dbname
-option is specified, then that file is used as the database name instead
-of the default.
-.PP
-If the
-.B \-a
-.I acldir
-option is specified, then
-.I acldir
-is used as the directory in which to search for access control lists
-instead of the default.
-.PP
-If the
-.B \-h
-option is specified,
-.I kadmind
-prints out a short summary of the permissible control arguments, and
-then exits.
-.PP
-When performing requests on behalf of clients,
-.I kadmind
-checks access control lists (ACLs) to determine the authorization of the client
-to perform the requested action.
-Currently three distinct access types are supported:
-.TP 1i
-Addition
-(.add ACL file). If a principal is on this list, it may add new
-principals to the database.
-.TP
-Retrieval
-(.get ACL file). If a principal is on this list, it may retrieve
-database entries. NOTE: A principal's private key is never returned by
-the get functions.
-.TP
-Modification
-(.mod ACL file). If a principal is on this list, it may modify entries
-in the database.
-.PP
-A principal is always granted authorization to change its own password.
-.SH FILES
-.TP 20n
-/var/log/admin_server.log
-Default log file.
-.TP
-/etc/kerberosIV
-Default access control list directory.
-.TP
-admin_acl.{add,get,mod}
-Access control list files (within the directory)
-.TP
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-Default DBM files containing database
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
-.SH "SEE ALSO"
-kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
-.SH AUTHORS
-Douglas A. Church, MIT Project Athena
-.br
-John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/kerberosIV/kadmind/pw_check.c b/kerberosIV/kadmind/pw_check.c
deleted file mode 100644
index 96d9c9ec398..00000000000
--- a/kerberosIV/kadmind/pw_check.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: pw_check.c,v 1.1 1997/12/15 17:56:23 art Exp $ */
-/* $KTH: pw_check.c,v 1.13 1997/04/01 08:17:50 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadm_locl.h"
-
-/*
- * kadm_pw_check
- *
- * pw : new password or "" if none passed
- * newkey : key for pw as passed from client
- * strings : interesting strings to check for
- *
- * returns NULL if pw is ok, else an explanatory string
- */
-int
-kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg,
- char **strings)
-{
- des_cblock pwkey;
- int status=KADM_SUCCESS;
-
- if (pw == NULL || *pw == '\0')
- return status; /* XXX - Change this later */
-
-#ifndef NO_PW_CHECK
- *pw_msg = NULL;
- des_string_to_key(pw, &pwkey); /* Check AFS string to key also! */
- if (memcmp(pwkey, *newkey, sizeof(pwkey)) != 0)
- {
- /* no password or bad key */
- status=KADM_PW_MISMATCH;
- *pw_msg = "Password doesn't match supplied DES key";
- }
- else if (strlen(pw) < MIN_KPW_LEN)
- {
- status = KADM_INSECURE_PW;
- *pw_msg="Password is too short";
- }
-
-#ifdef DICTPATH
- *pw_msg = FascistCheck(pw, DICTPATH, strings);
- if (*pw_msg)
- return KADM_INSECURE_PW;
-#endif
-
- memset(pwkey, 0, sizeof(pwkey));
-#endif
-
- return status;
-}
diff --git a/kerberosIV/kafs/Makefile b/kerberosIV/kafs/Makefile
deleted file mode 100644
index fce4e7b1546..00000000000
--- a/kerberosIV/kafs/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-# $Id: Makefile,v 1.4 1998/08/12 23:49:01 art Exp $
-
-LIB= kafs
-CFLAGS+=-I${.CURDIR} -I${.CURDIR}/../roken
-SRCS= afskrb.c afssys.c common.c
-.PATH: ${.CURDIR}/../roken
-SRCS+= resolve.c
-
-.include <bsd.own.mk> # for AFS
-
-.if (${AFS} != "yes")
-CFLAGS+=-DNO_AFS
-.endif
-
-.include <bsd.lib.mk>
diff --git a/kerberosIV/kafs/afskrb.c b/kerberosIV/kafs/afskrb.c
deleted file mode 100644
index 8f85cd4e35d..00000000000
--- a/kerberosIV/kafs/afskrb.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* $OpenBSD: afskrb.c,v 1.2 1997/12/12 11:46:31 art Exp $ */
-/* $KTH: afskrb.c,v 1.8 1997/10/14 23:00:39 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-struct krb_kafs_data {
- const char *realm;
-};
-
-static int
-get_cred(kafs_data *data, const char *name, const char *inst,
- const char *realm, CREDENTIALS *c)
-{
- KTEXT_ST tkt;
- int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
-
- if (ret) {
- ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
- if (ret == KSUCCESS)
- ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
- }
- return ret;
-}
-
-static int
-afslog_uid_int(kafs_data *data, const char *cell, uid_t uid)
-{
- int ret;
- CREDENTIALS c;
- struct krb_kafs_data *d = data->data;
- char realm[REALM_SZ], *lrealm;
-
- if (cell == 0 || cell[0] == 0)
- return _kafs_afslog_all_local_cells (data, uid);
-
- ret = krb_get_lrealm(realm , 0);
- if(ret == KSUCCESS && (d->realm == NULL || strcmp(d->realm, realm)))
- lrealm = realm;
- else
- lrealm = NULL;
-
- ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
-
- if(ret == 0)
- ret = kafs_settoken(cell, uid, &c);
- return ret;
-}
-
-static char *
-get_realm(kafs_data *data, const char *host)
-{
- char *r = krb_realmofhost(host);
- if(r != NULL)
- return strdup(r);
- return NULL;
-}
-
-int
-krb_afslog_uid(const char *cell, const char *realm, uid_t uid)
-{
- kafs_data kd;
- struct krb_kafs_data d;
- kd.afslog_uid = afslog_uid_int;
- kd.get_cred = get_cred;
- kd.get_realm = get_realm;
- kd.data = &d;
- d.realm = realm;
- return afslog_uid_int(&kd, cell, uid);
-}
-
-int
-krb_afslog(const char *cell, const char *realm)
-{
- return krb_afslog_uid (cell, realm, getuid());
-}
diff --git a/kerberosIV/kafs/afssys.c b/kerberosIV/kafs/afssys.c
deleted file mode 100644
index cca824920ff..00000000000
--- a/kerberosIV/kafs/afssys.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* $OpenBSD: afssys.c,v 1.10 1999/03/19 10:43:33 art Exp $ */
-/* $KTH: afssys.c,v 1.57 1998/05/09 17:19:03 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-int _kafs_debug;
-
-int
-k_pioctl(char *a_path,
- int o_opcode,
- struct ViceIoctl *a_paramsP,
- int a_followSymlinks)
-{
- return xfspioctl(AFSCALL_PIOCTL, a_path, o_opcode, a_paramsP,
- a_followSymlinks);
-}
-
-int
-k_afs_cell_of_file(const char *path, char *cell, int len)
-{
- struct ViceIoctl parms;
-
- parms.in = NULL;
- parms.in_size = 0;
- parms.out = cell;
- parms.out_size = len;
-
- return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
-}
-
-int
-k_unlog(void)
-{
- struct ViceIoctl parms;
-
- memset(&parms, 0, sizeof(parms));
-
- return k_pioctl(0, VIOCUNLOG, &parms, 0);
-}
-
-int
-k_setpag(void)
-{
- return xfspioctl(AFSCALL_SETPAG, NULL, 0, NULL, 0);
-}
-
-int
-k_hasafs(void)
-{
- struct ViceIoctl parms;
-
- bzero(&parms, sizeof(struct ViceIoctl));
-
- k_pioctl(NULL, VIOCSETTOK, &parms, 0);
-
- /*
- * An ENOSYS means failure. Anything else is success (including EINVAL).
- */
-
- return errno != ENOSYS;
-}
diff --git a/kerberosIV/kafs/common.c b/kerberosIV/kafs/common.c
deleted file mode 100644
index 7ec08a022f5..00000000000
--- a/kerberosIV/kafs/common.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/* $OpenBSD: common.c,v 1.6 1999/02/28 14:14:12 art Exp $ */
-/* $KTH: common.c,v 1.10 1998/04/04 13:08:31 assar Exp $ */
-
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-#include <resolve.h>
-
-#define AUTH_SUPERUSER "afs"
-
-/*
- * Here only ASCII characters are relevant.
- */
-
-#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
-
-#define ToAsciiUpper(c) ((c) - 'a' + 'A')
-
-static void
-foldup(char *a, const char *b)
-{
- for (; *b; a++, b++)
- if (IsAsciiLower(*b))
- *a = ToAsciiUpper(*b);
- else
- *a = *b;
- *a = '\0';
-}
-
-int
-kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
-{
- struct ViceIoctl parms;
- struct ClearToken ct;
- int32_t sizeof_x;
- char buf[2048], *t;
- int ret;
-
- /*
- * Build a struct ClearToken
- */
- ct.AuthHandle = c->kvno;
- memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
- ct.ViceId = uid;
- ct.BeginTimestamp = c->issue_date;
- ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
- if(ct.EndTimestamp < time(NULL))
- return 0; /* don't store tokens that has expired (and possibly
- overwriting valid tokens)*/
-
-#define ODD(x) ((x) & 1)
- /* According to Transarc conventions ViceId is valid iff
- * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
- * the transformations:
- *
- * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
- * preserves the original values.
- */
- if (uid != 0) /* valid ViceId */
- {
- if (!ODD(ct.EndTimestamp - ct.BeginTimestamp))
- ct.EndTimestamp--;
- }
- else /* not valid ViceId */
- {
- if (ODD(ct.EndTimestamp - ct.BeginTimestamp))
- ct.EndTimestamp--;
- }
-
- t = buf;
- /*
- * length of secret token followed by secret token
- */
- sizeof_x = c->ticket_st.length;
- memcpy(t, &sizeof_x, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- memcpy(t, c->ticket_st.dat, sizeof_x);
- t += sizeof_x;
- /*
- * length of clear token followed by clear token
- */
- sizeof_x = sizeof(ct);
- memcpy(t, &sizeof_x, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- memcpy(t, &ct, sizeof_x);
- t += sizeof_x;
-
- /*
- * do *not* mark as primary cell
- */
- sizeof_x = 0;
- memcpy(t, &sizeof_x, sizeof(sizeof_x));
- t += sizeof(sizeof_x);
- /*
- * follow with cell name
- */
- sizeof_x = strlen(cell) + 1;
- memcpy(t, cell, sizeof_x);
- t += sizeof_x;
-
- /*
- * Build argument block
- */
- parms.in = buf;
- parms.in_size = t - buf;
- parms.out = 0;
- parms.out_size = 0;
- ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
- return ret;
-}
-
-/* Try to get a db-server for an AFS cell from a AFSDB record */
-
-static int
-dns_find_cell(const char *cell, char *dbserver, size_t len)
-{
- struct dns_reply *r;
- int ok = -1;
- r = dns_lookup(cell, "afsdb");
- if(r){
- struct resource_record *rr = r->head;
- while(rr){
- if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
- strncpy(dbserver, rr->u.afsdb->domain, len);
- dbserver[len - 1] = '\0';
- ok = 0;
- break;
- }
- rr = rr->next;
- }
- dns_free_data(r);
- }
- return ok;
-}
-
-
-/*
- * Try to find the cells we should try to klog to in "file".
- */
-static void
-find_cells(char *file, char ***cells, int *index)
-{
- FILE *f;
- char cell[64];
- int i;
- int ind = *index;
-
- f = fopen(file, "r");
- if (f == NULL)
- return;
- while (fgets(cell, sizeof(cell), f)) {
- char *nl = strchr(cell, '\n');
- if (nl) *nl = 0;
-
- /* skip blank lines */
- if (!cell[0]) continue;
-
- for(i = 0; i < ind; i++)
- if(strcmp((*cells)[i], cell) == 0)
- break;
- if(i == ind){
- *cells = realloc(*cells, (ind + 1) * sizeof(**cells));
- if (*cells == NULL)
- break;
- (*cells)[ind] = strdup(cell);
- if ((*cells)[ind] == NULL)
- break;
- ++ind;
- }
- }
- fclose(f);
- *index = ind;
-}
-
-/*
- * Get tokens for all cells[]
- */
-static int
-afslog_cells(kafs_data *data, char **cells, int max, uid_t uid)
-{
- int ret = 0;
- int i;
- for(i = 0; i < max; i++)
- ret = (*data->afslog_uid)(data, cells[i], uid);
- return ret;
-}
-
-int
-_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid)
-{
- int ret;
- char **cells = NULL;
- int index = 0;
-
- char *p;
-
- if ((p = getenv("HOME"))) {
- char home[MAXPATHLEN];
- snprintf(home, sizeof(home), "%s/.TheseCells", p);
- find_cells(home, &cells, &index);
- }
- find_cells(_PATH_THESECELLS, &cells, &index);
- find_cells(_PATH_THISCELL, &cells, &index);
- find_cells(_PATH_ARLA_THESECELLS, &cells, &index);
- find_cells(_PATH_ARLA_THISCELL, &cells, &index);
-
- ret = afslog_cells(data, cells, index, uid);
- while(index > 0) {
- free(cells[--index]);
- cells[index] = NULL;
- }
- free(cells);
- cells = NULL;
- return ret;
-}
-
-
-/* Find the realm associated with cell. Do this by opening
- /usr/vice/etc/CellServDB and getting the realm-of-host for the
- first VL-server for the cell.
-
- This does not work when the VL-server is living in one realm, but
- the cell it is serving is living in another realm.
-
- Return 0 on success, -1 otherwise.
- */
-
-static int
-realm_of_cell(kafs_data *data, const char *cell, char **realm)
-{
- FILE *F;
- char buf[1024];
- char *p;
- int ret = -1;
-
- if ((F = fopen(_PATH_CELLSERVDB, "r"))
- || (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))) {
- while (fgets(buf, sizeof(buf), F)) {
- if (buf[0] != '>')
- continue; /* Not a cell name line, try next line */
- if (strncmp(buf + 1, cell, strlen(cell)) == 0) {
- /*
- * We found the cell name we're looking for.
- * Read next line on the form ip-address '#' hostname
- */
- if (fgets(buf, sizeof(buf), F) == NULL)
- break; /* Read failed, give up */
- p = strchr(buf, '#');
- if (p == NULL)
- break; /* No '#', give up */
- p++;
- if (buf[strlen(buf) - 1] == '\n')
- buf[strlen(buf) - 1] = '\0';
- *realm = (*data->get_realm)(data, p);
- if (*realm && **realm != '\0')
- ret = 0;
- break; /* Won't try any more */
- }
- }
- fclose(F);
- }
- if (*realm == NULL && dns_find_cell(cell, buf, sizeof(buf)) == 0)
- *realm = strdup(krb_realmofhost(buf));
- return ret;
-}
-
-int
-_kafs_get_cred(kafs_data *data,
- const char *cell,
- const char *krealm,
- const char *lrealm,
- CREDENTIALS *c)
-{
- int ret = -1;
- char *vl_realm;
- char CELL[64];
-
- /* We're about to find the the realm that holds the key for afs in
- * the specified cell. The problem is that null-instance
- * afs-principals are common and that hitting the wrong realm might
- * yield the wrong afs key. The following assumptions were made.
- *
- * Any realm passed to us is preferred.
- *
- * If there is a realm with the same name as the cell, it is most
- * likely the correct realm to talk to.
- *
- * In most (maybe even all) cases the database servers of the cell
- * will live in the realm we are looking for.
- *
- * Try the local realm, but if the previous cases fail, this is
- * really a long shot.
- *
- */
-
- /* comments on the ordering of these tests */
-
- /* If the user passes a realm, she probably knows something we don't
- * know and we should try afs@krealm (otherwise we're talking with a
- * blondino and she might as well have it.)
- */
-
- if (krealm != NULL) {
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, krealm, c);
- if (ret == 0) return 0;
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", krealm, c);
- }
- if (ret == 0) return 0;
-
- foldup(CELL, cell);
-
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c);
- if (ret == 0) return 0;
-
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c);
- if (ret == 0) return 0;
-
- /* this might work in some cases */
- if (realm_of_cell(data, cell, &vl_realm) == 0) {
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c);
- if (ret)
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c);
- free(vl_realm);
- if (ret == 0) return 0;
- }
-
- if (lrealm)
- ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, lrealm, c);
- return ret;
-}
-
-
diff --git a/kerberosIV/kafs/shlib_version b/kerberosIV/kafs/shlib_version
deleted file mode 100644
index 900b4048a96..00000000000
--- a/kerberosIV/kafs/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=5
-minor=1
diff --git a/kerberosIV/kauth/Makefile b/kerberosIV/kauth/Makefile
deleted file mode 100644
index 2fbefa16160..00000000000
--- a/kerberosIV/kauth/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-# $OpenBSD: Makefile,v 1.3 1998/08/12 23:55:56 art Exp $
-
-.include <bsd.obj.mk>
-
-SRCS= encdata.c rkinit.c kauth.c marshall.c
-.PATH: ${.CURDIR}/../roken
-SRCS+= simple_exec.c
-CFLAGS+= -I${.CURDIR}/../roken
-PROG= kauth
-LDADD+= -lkrb -lkafs -ldes
-DPADD+= ${LIBKRB} ${LIBKAFS}
-BINDIR= /usr/bin
-MAN= kauth.1
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kauth/encdata.c b/kerberosIV/kauth/encdata.c
deleted file mode 100644
index 71e1a998c6e..00000000000
--- a/kerberosIV/kauth/encdata.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* $OpenBSD: encdata.c,v 1.1 1997/12/18 22:28:02 art Exp $ */
-/* $KTH: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-int
-write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
- des_cblock *session, struct sockaddr_in *me,
- struct sockaddr_in *him)
-{
- void *outbuf;
- int32_t outlen, l;
- int i;
- unsigned char tmp[4];
-
- outbuf = malloc(len + 30);
- if (outbuf == NULL)
- return -1;
-
- outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
- if (outlen < 0) {
- free(outbuf);
- return -1;
- }
-
- l = outlen;
- for(i = 3; i >= 0; i--, l = l >> 8)
- tmp[i] = l & 0xff;
- if (krb_net_write (fd, tmp, 4) != 4 ||
- krb_net_write (fd, outbuf, outlen) != outlen) {
- free(outbuf);
- outbuf = NULL;
- return -1;
- }
-
- free(outbuf);
- outbuf = NULL;
- return 0;
-}
-
-
-int
-read_encrypted (int fd, void *buf, size_t len, void **ret,
- des_key_schedule schedule, des_cblock *session,
- struct sockaddr_in *him, struct sockaddr_in *me)
-{
- int status;
- int32_t l;
- MSG_DAT msg;
- unsigned char tmp[4];
-
- l = krb_net_read (fd, tmp, 4);
- if (l != 4)
- return l;
- l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
- if (l > len)
- return -1;
- if (krb_net_read (fd, buf, l) != l)
- return -1;
- status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
- if (status != RD_AP_OK) {
- fprintf (stderr, "read_encrypted: %s\n",
- krb_get_err_text(status));
- return -1;
- }
- *ret = msg.app_data;
- return msg.app_length;
-}
diff --git a/kerberosIV/kauth/kauth.1 b/kerberosIV/kauth/kauth.1
deleted file mode 100644
index b956e1a5a7d..00000000000
--- a/kerberosIV/kauth/kauth.1
+++ /dev/null
@@ -1,66 +0,0 @@
-.\" $Id: kauth.1,v 1.4 1999/07/09 13:35:58 aaron Exp $
-.\"
-.Dd May 4, 1996
-.Dt KAUTH 1
-.Os
-.Sh NAME
-.Nm kauth
-.Nd
-overworked Kerberos login program
-.Sh SYNOPSIS
-.Nm kauth
-.Op Fl n Ar name
-.Op Fl r Ar remote user
-.Op Fl t Pa remote ticket file
-.Op Fl h Ar hosts...
-.Op Fl l Ar lifetime
-.Op Fl f Pa srvtab
-.Op Fl c Ar cell
-.Op Ar command ...
-.Sh DESCRIPTION
-The
-.Nm
-command obtains ticket granting tickets as well as AFS ticket and
-tokens. It also does a whole lot of other stuff.
-.Pp
-The following flags are supported:
-.Bl -tag -width xxxx
-.It Fl n
-Principal to get tickets for. If no other arguments are present this
-can be given without the
-.Fl n
-flag.
-.It Fl h
-Remote hosts to obtain tickets for. This works similar to the MIT
-Athena Kerberos 4 patchlevel 10 command
-.Xr rkinit 1 ,
-however not in a compatible way. It requires that the remote host runs
-the
-.Xr kauthd 8 ,
-server. The
-.Fl r
-and
-.Fl t
-flags are useful only with this option.
-.It Fl r
-User on the remote host that should own the ticket file.
-.It Fl t
-Ticket file on remote host.
-.It Fl l
-Lifetime of tickets in minutes. A value of -1 is used for maximum
-ticket lifetime.
-.It Fl f
-Srvtab to get service keys from. Default is
-.Pa /etc/kerberosIV/srvtab .
-This is mainly used with batch services that need to run
-authenticated. If any command is given, it will be executed in an
-authenticated fashion and when the program exits the tickets are
-destroyed. For long running jobs the tickets will be renewed.
-.It Fl c
-AFS cell to get tokens for, default is your local cell.
-.El
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr kauthd 8
-.Sh BUGS
-There is no help-switch.
diff --git a/kerberosIV/kauth/kauth.c b/kerberosIV/kauth/kauth.c
deleted file mode 100644
index 4d89ff18c33..00000000000
--- a/kerberosIV/kauth/kauth.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/* $OpenBSD: kauth.c,v 1.5 1999/05/23 17:19:24 aaron Exp $ */
-/* $KTH: kauth.c,v 1.81 1997/12/09 10:36:33 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Little program that reads an srvtab or password and
- * creates a suitable ticketfile and associated AFS tokens.
- *
- * If an optional command is given the command is executed in a
- * new PAG and when the command exits the tickets are destroyed.
- */
-
-#include "kauth.h"
-#include <simple_exec.h>
-
-krb_principal princ;
-static char srvtab[MAXPATHLEN];
-static int lifetime = DEFAULT_TKT_LIFE;
-static char remote_tktfile[MAXPATHLEN];
-static char remoteuser[100];
-static char *cell = 0;
-static char progname[] = "kauth";
-
-char *
-strupr(char *str)
-{
- char *s;
-
- for(s = str; *s; s++)
- *s = toupper(*s);
- return str;
-}
-
-static void
-usage(void)
-{
- fprintf(stderr,
- "Usage: %s -n <name> [-r remoteuser] [-t remote ticketfile] "
- "[-l lifetime (in minutes) ] [-f srvtab ] "
- "[-c AFS cell name ] [-h hosts... [--]] [command ... ]\n",
- progname);
- fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n");
- exit(1);
-}
-
-#define EX_NOEXEC 126
-#define EX_NOTFOUND 127
-
-static int
-doexec(int argc, char **argv)
-{
- int ret = simple_execvp(argv[0], argv);
- if(ret == -2)
- warn ("fork");
- if(ret == -3)
- warn("waitpid");
- if (ret < 0)
- return EX_NOEXEC;
- if(ret == EX_NOEXEC || ret == EX_NOTFOUND)
- warnx("Can't exec program ``%s''", argv[0]);
-
- return ret;
-}
-
-static void
-renew(int sig)
-{
- int code;
-
- signal(SIGALRM, renew);
-
- code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
- KRB_TICKET_GRANTING_TICKET,
- princ.realm, lifetime, srvtab);
- if (code)
- warnx ("%s", krb_get_err_text(code));
- else if (k_hasafs())
- {
- if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
- warnx ("%s", krb_get_err_text(code));
- }
- }
-
- alarm(krb_life_to_time(0, lifetime)/2 - 60);
-}
-
-static int
-zrefresh(void)
-{
- switch (fork()) {
- case -1:
- err (1, "Warning: Failed to fork zrefresh");
- return -1;
- case 0:
- /* Child */
- execlp("zrefresh", "zrefresh", 0);
- execl("/usr/bin/zrefresh", "zrefresh", 0);
- exit(1);
- default:
- /* Parent */
- break;
- }
- return 0;
-}
-
-static int
-key_to_key(char *user, char *instance, char *realm, void *arg,
- des_cblock *key)
-{
- memcpy(key, arg, sizeof(des_cblock));
- return 0;
-}
-
-int
-main(int argc, char **argv)
-{
- int code, more_args;
- int ret;
- int c;
- char *file;
- int pflag = 0;
- char passwd[100];
- des_cblock key;
- char **host;
- int nhost;
- char tf[MAXPATHLEN];
-
- if ((file = getenv("KRBTKFILE")) == 0)
- file = TKT_FILE;
-
- memset(&princ, 0, sizeof(princ));
- memset(srvtab, 0, sizeof(srvtab));
- *remoteuser = '\0';
- nhost = 0;
- host = NULL;
-
- /* Look for kerberos name */
- if (argc > 1 &&
- argv[1][0] != '-' &&
- krb_parse_name(argv[1], &princ) == 0)
- {
- argc--; argv++;
- strupr(princ.realm);
- }
-
- while ((c = getopt(argc, argv, "r:t:f:hdl:n:c:")) != -1)
- switch (c) {
- case 'd':
- krb_enable_debug();
- _kafs_debug = 1;
- break;
- case 'f':
- strncpy(srvtab, optarg, sizeof(srvtab) - 1);
- srvtab[sizeof(srvtab) - 1] = '\0';
- break;
- case 't':
- strncpy(remote_tktfile, optarg, sizeof(remote_tktfile) - 1);
- remote_tktfile[sizeof(remote_tktfile)] = '\0';
- break;
- case 'r':
- strncpy(remoteuser, optarg, sizeof(remoteuser) - 1);
- remoteuser[sizeof(remoteuser) - 1] = '\0';
- break;
- case 'l':
- lifetime = atoi(optarg);
- if (lifetime == -1)
- lifetime = 255;
- else if (lifetime < 5)
- lifetime = 1;
- else
- lifetime = krb_time_to_life(0, lifetime*60);
- if (lifetime > 255)
- lifetime = 255;
- break;
- case 'n':
- if ((code = krb_parse_name(optarg, &princ)) != 0) {
- warnx ("%s", krb_get_err_text(code));
- usage();
- }
- strupr(princ.realm);
- pflag = 1;
- break;
- case 'c':
- cell = optarg;
- break;
- case 'h':
- host = argv + optind;
- for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
- ++nhost;
- break;
- case '?':
- default:
- usage();
- break;
- }
-
- if (princ.name[0] == '\0' && krb_get_default_principal (princ.name,
- princ.instance,
- princ.realm) < 0)
- errx (1, "Could not get default principal");
-
- /* With root tickets assume remote user is root */
- if (*remoteuser == '\0') {
- if (strcmp(princ.instance, "root") == 0) {
- strncpy(remoteuser, princ.instance, sizeof(remoteuser) - 1);
- remoteuser[sizeof(remoteuser) - 1] = '\0';
- }
- else {
- strncpy(remoteuser, princ.name, sizeof(remoteuser) - 1);
- remoteuser[sizeof(remoteuser) - 1] = '\0';
- }
- }
-
- more_args = argc - optind;
-
- if (princ.realm[0] == '\0')
- if (krb_get_lrealm(princ.realm, 1) != KSUCCESS) {
- strncpy(princ.realm, KRB_REALM, REALM_SZ - 1);
- princ.realm[REALM_SZ - 1] = '\0';
- }
-
- if (more_args) {
- int f;
-
- do{
- snprintf(tf, sizeof(tf),
- TKT_ROOT "%u_%u",
- (unsigned)getuid(),
- (unsigned)(getpid()*time(0)));
- f = open(tf, O_CREAT|O_EXCL|O_RDWR);
- } while(f < 0);
- close(f);
- unlink(tf);
- setenv("KRBTKFILE", tf, 1);
- krb_set_tkt_string (tf);
- }
-
- if (srvtab[0])
- {
- signal(SIGALRM, renew);
-
- code = read_service_key (princ.name, princ.instance, princ.realm, 0,
- srvtab, (char *)&key);
- if (code == KSUCCESS)
- code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
- KRB_TICKET_GRANTING_TICKET,
- princ.realm, lifetime,
- key_to_key, NULL, key);
- alarm(krb_life_to_time(0, lifetime)/2 - 60);
- }
- else {
- char prompt[128];
-
- snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
- if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
- memset(passwd, 0, sizeof(passwd));
- exit(1);
- }
- code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm,
- KRB_TICKET_GRANTING_TICKET, princ.realm,
- lifetime, passwd, &key);
-
- memset(passwd, 0, sizeof(passwd));
- }
- if (code) {
- memset (key, 0, sizeof(key));
- errx (1, "%s", krb_get_err_text(code));
- }
-
- if (k_hasafs()) {
- if (more_args)
- k_setpag();
- if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
- if(code > 0)
- warnx ("%s", krb_get_err_text(code));
- else
- warnx ("failed to store AFS token");
- }
- }
-
- for(ret = 0; nhost-- > 0; host++)
- ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
-
- if (ret)
- return ret;
-
- if (more_args) {
- ret = doexec(more_args, &argv[optind]);
- dest_tkt();
- if (k_hasafs())
- k_unlog();
- }
- else
- zrefresh();
-
- return ret;
-}
diff --git a/kerberosIV/kauth/kauth.h b/kerberosIV/kauth/kauth.h
deleted file mode 100644
index 2355d379e8b..00000000000
--- a/kerberosIV/kauth/kauth.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* $OpenBSD: kauth.h,v 1.2 1998/02/18 11:53:47 art Exp $ */
-/* $KTH: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-
-#include <sys/time.h>
-#include <time.h>
-#include <sys/resource.h>
-#include <sys/wait.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-#include <err.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/kafs.h>
-
-#define KAUTH_PORT 2120
-
-#define KAUTH_VERSION "RKINIT.0"
-
-int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*);
-
-int write_encrypted (int, void*, size_t, des_key_schedule,
- des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
-
-int read_encrypted (int, void*, size_t, void **, des_key_schedule,
- des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
-
-unsigned pack_args (char *, krb_principal*, int, char*, char*);
-
-int unpack_args (char*, krb_principal*, int*, char*, char*);
diff --git a/kerberosIV/kauth/marshall.c b/kerberosIV/kauth/marshall.c
deleted file mode 100644
index 982991509c7..00000000000
--- a/kerberosIV/kauth/marshall.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* $OpenBSD: marshall.c,v 1.1 1997/12/18 22:28:04 art Exp $ */
-/* $KTH: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-unsigned
-pack_args (char *buf, krb_principal *pr, int lifetime,
- char *locuser, char *tktfile)
-{
- char *p;
-
- p = buf;
- strcpy (p, pr->name);
- p += strlen (pr->name) + 1;
- strcpy (p, pr->instance);
- p += strlen (pr->instance) + 1;
- strcpy (p, pr->realm);
- p += strlen (pr->realm) + 1;
- *p++ = (unsigned char)lifetime;
- strcpy(p, locuser);
- p += strlen (locuser) + 1;
- strcpy(p, tktfile);
- p += strlen(tktfile) + 1;
- return p - buf;
-}
-
-int
-unpack_args (char *buf, krb_principal *pr, int *lifetime,
- char *locuser, char *tktfile)
-{
- int len;
-
- len = strlen(buf);
- if (len > SNAME_SZ)
- return -1;
- strncpy(pr->name, buf, len + 1);
- buf += len + 1;
- len = strlen (buf);
- if (len > INST_SZ)
- return -1;
- strncpy (pr->instance, buf, len + 1);
- buf += len + 1;
- len = strlen (buf);
- if (len > REALM_SZ)
- return -1;
- strncpy (pr->realm, buf, len + 1);
- buf += len + 1;
- *lifetime = (unsigned char)*buf++;
- len = strlen(buf);
- if (len > SNAME_SZ)
- return -1;
- strncpy (locuser, buf, len + 1);
- buf += len + 1;
- len = strlen(buf);
- if (len > MAXPATHLEN)
- return -1;
- strncpy (tktfile, buf, len + 1);
- buf += len + 1;
- return 0;
-}
diff --git a/kerberosIV/kauth/rkinit.c b/kerberosIV/kauth/rkinit.c
deleted file mode 100644
index 713c9df9547..00000000000
--- a/kerberosIV/kauth/rkinit.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/* $OpenBSD: rkinit.c,v 1.2 1998/08/16 02:42:10 art Exp $ */
-/* $KTH: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-static struct in_addr *
-getalladdrs (char *hostname, unsigned *count)
-{
- struct hostent *hostent;
- struct in_addr **h;
- struct in_addr *addr;
- struct in_addr *temp;
- unsigned naddr;
- unsigned maxaddr;
-
- hostent = gethostbyname (hostname);
- if (hostent == NULL) {
- warnx ("gethostbyname '%s' failed: %s\n",
- hostname,
-#ifdef HAVE_H_ERRNO
- hstrerror(h_errno)
-#else
- "unknown error"
-#endif
- );
- return NULL;
- }
- maxaddr = 1;
- naddr = 0;
- addr = malloc(sizeof(*addr) * maxaddr);
- if (addr == NULL) {
- warnx ("out of memory");
- return NULL;
- }
- for (h = (struct in_addr **)(hostent->h_addr_list);
- *h != NULL;
- h++) {
- if (naddr >= maxaddr) {
- maxaddr *= 2;
- temp = realloc (addr, sizeof(*addr) * maxaddr);
- if (temp == NULL) {
- warnx ("out of memory");
- free(addr);
- return NULL;
- }
- addr = temp;
- }
- addr[naddr++] = **h;
- }
- temp = realloc (addr, sizeof(*addr) * naddr);
- if (temp == NULL) {
- warnx ("out of memory");
- free(addr);
- return NULL;
- }
- addr = temp;
- *count = naddr;
- return addr;
-}
-
-static int
-doit_host (krb_principal *princ, int lifetime, char *locuser,
- char *tktfile, des_cblock *key, int s, char *hostname)
-{
- char buf[BUFSIZ];
- int inlen;
- KTEXT_ST text;
- CREDENTIALS cred;
- MSG_DAT msg;
- int status;
- des_key_schedule schedule;
- struct sockaddr_in thisaddr, thataddr;
- int addrlen;
- void *ret;
-
- addrlen = sizeof(thisaddr);
- if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
- addrlen != sizeof(thisaddr)) {
- warn ("getsockname(%s)", hostname);
- return 1;
- }
- addrlen = sizeof(thataddr);
- if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
- addrlen != sizeof(thataddr)) {
- warn ("getpeername(%s)", hostname);
- return 1;
- }
-
- status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
- hostname, krb_realmofhost (hostname),
- getpid(), &msg, &cred, schedule,
- &thisaddr, &thataddr, KAUTH_VERSION);
- if (status != KSUCCESS) {
- warnx ("%s: %s\n", hostname, krb_get_err_text(status));
- return 1;
- }
- inlen = pack_args (buf, princ, lifetime, locuser, tktfile);
-
- if (write_encrypted(s, buf, inlen, schedule, &cred.session,
- &thisaddr, &thataddr) < 0) {
- warn ("write to %s", hostname);
- return 1;
- }
-
- inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
- &cred.session, &thataddr, &thisaddr);
- if (inlen < 0) {
- warn ("read from %s failed", hostname);
- return 1;
- }
-
- if (strncmp(ret, "ok", inlen) != 0) {
- warnx ("error from %s: %.*s\n",
- hostname, inlen, (char *)ret);
- return 1;
- }
-
- inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
- &cred.session, &thataddr, &thisaddr);
- if (inlen < 0) {
- warn ("read from %s", hostname);
- return 1;
- }
-
- {
- des_key_schedule key_s;
-
- des_key_sched(key, key_s);
- des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT);
- memset(key_s, 0, sizeof(key_s));
- }
- write_encrypted (s, ret, inlen, schedule, &cred.session,
- &thisaddr, &thataddr);
-
- inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
- &cred.session, &thataddr, &thisaddr);
- if (inlen < 0) {
- warn ("read from %s", hostname);
- return 1;
- }
-
- if (strncmp(ret, "ok", inlen) != 0) {
- warnx ("error from %s: %.*s\n",
- hostname, inlen, (char *)ret);
- return 1;
- }
- return 0;
-}
-
-int
-rkinit (krb_principal *princ, int lifetime, char *locuser,
- char *tktfile, des_cblock *key, char *hostname)
-{
- struct in_addr *addr;
- unsigned naddr;
- unsigned i;
- int port;
- int success;
-
- addr = getalladdrs (hostname, &naddr);
- if (addr == NULL)
- return 1;
- port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT));
- success = 0;
- for (i = 0; !success && i < naddr; ++i) {
- struct sockaddr_in a;
- int s;
-
- memset(&a, 0, sizeof(a));
- a.sin_family = AF_INET;
- a.sin_port = port;
- a.sin_addr = addr[i];
-
- s = socket (AF_INET, SOCK_STREAM, 0);
- if (s < 0) {
- warn("socket");
- return 1;
- }
- if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) {
- warn("connect(%s)", hostname);
- continue;
- }
-
- success = success || !doit_host (princ, lifetime,
- locuser, tktfile, key,
- s, hostname);
- close (s);
- }
- return !success;
-}
diff --git a/kerberosIV/kauthd/Makefile b/kerberosIV/kauthd/Makefile
deleted file mode 100644
index c513ae3de50..00000000000
--- a/kerberosIV/kauthd/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-# $OpenBSD: Makefile,v 1.2 1998/02/26 00:16:47 art Exp $
-
-.include <bsd.obj.mk>
-
-SRCS= kauthd.c inaddr2str.c mini_inetd.c
-.PATH: ${.CURDIR}/../kauth
-SRCS+= encdata.c marshall.c
-PROG= kauthd
-LDADD+= -lkrb -lkafs -ldes
-DPADD+= ${LIBKRB} ${LIBKAFS}
-CFLAGS+= -I${.CURDIR}/../kauth
-BINDIR=/usr/libexec
-MAN= kauthd.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kauthd/inaddr2str.c b/kerberosIV/kauthd/inaddr2str.c
deleted file mode 100644
index 485aafb61c4..00000000000
--- a/kerberosIV/kauthd/inaddr2str.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* $OpenBSD: inaddr2str.c,v 1.1 1998/02/18 07:10:24 art Exp $ */
-/* $KTH: inaddr2str.c,v 1.8 1997/10/29 01:32:55 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-/*
- * Get a verified name for `addr'.
- * If unable to find it in the DNS, return x.y.z.a
- */
-
-void
-inaddr2str(struct in_addr addr, char *s, size_t len)
-{
- struct hostent *h;
- char *p;
-
- h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET);
- if (h) {
- h = gethostbyname (h->h_name);
- if(h)
- while ((p = *(h->h_addr_list)++))
- if (memcmp (p, &addr, sizeof(addr)) == 0) {
- strncpy (s, h->h_name, len);
- s[len - 1] = '\0';
- return;
- }
- }
- strncpy (s, inet_ntoa (addr), len);
- s[len - 1] = '\0';
- return;
-}
diff --git a/kerberosIV/kauthd/kauthd.8 b/kerberosIV/kauthd/kauthd.8
deleted file mode 100644
index e142279dd49..00000000000
--- a/kerberosIV/kauthd/kauthd.8
+++ /dev/null
@@ -1,28 +0,0 @@
-.\" $KTH: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $
-.\" $OpenBSD: kauthd.8,v 1.3 1999/05/23 14:11:10 aaron Exp $
-.\"
-.Dd September 27, 1996
-.Dt KAUTHD 8
-.Os
-.Sh NAME
-.Nm kauthd
-.Nd
-remote Kerberos login daemon
-.Sh SYNOPSIS
-.Nm kauthd
-.Sh DESCRIPTION
-Daemon for the
-.Xr kauth 1
-command.
-.Pp
-Options supported by
-.Nm kauthd :
-.Bl -tag -width Ds
-.It Fl i
-Interactive. Do not expect to be started by
-.Nm inetd,
-but allocate and listen to the socket yourself. Handy for testing
-and debugging.
-.El
-.Sh SEE ALSO
-.Xr kauth 1
diff --git a/kerberosIV/kauthd/kauthd.c b/kerberosIV/kauthd/kauthd.c
deleted file mode 100644
index 3ec59f76ad6..00000000000
--- a/kerberosIV/kauthd/kauthd.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/* $OpenBSD: kauthd.c,v 1.1 1998/02/18 07:10:24 art Exp $ */
-/* $KTH: kauthd.c,v 1.22 1997/05/18 20:37:55 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <kauth.h>
-#include <syslog.h>
-#include <varargs.h>
-
-krb_principal princ;
-static char locuser[SNAME_SZ + 1];
-static int lifetime;
-static char tktfile[MAXPATHLEN + 1];
-
-struct remote_args {
- int sock;
- des_key_schedule *schedule;
- des_cblock *session;
- struct sockaddr_in *me, *her;
-};
-
-static int
-decrypt_remote_tkt (char *user, char *inst, char *realm, void *varg,
- key_proc_t key_proc, KTEXT *cipp)
-{
- char buf[BUFSIZ];
- void *ptr;
- int len;
- KTEXT cip = *cipp;
- struct remote_args *args = (struct remote_args *)varg;
-
- write_encrypted (args->sock, cip->dat, cip->length,
- *args->schedule, args->session, args->me,
- args->her);
- len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule,
- args->session, args->her, args->me);
- memcpy(cip->dat, ptr, cip->length);
-
- return 0;
-}
-
-static int
-doit(int sock)
-{
- int status;
- KTEXT_ST ticket;
- AUTH_DAT auth;
- char instance[INST_SZ + 1];
- des_key_schedule schedule;
- struct sockaddr_in thisaddr, thataddr;
- int addrlen;
- int len;
- char buf[BUFSIZ];
- void *data;
- struct passwd *passwd;
- char version[KRB_SENDAUTH_VLEN + 1];
- char remotehost[MAXHOSTNAMELEN];
-
- addrlen = sizeof(thisaddr);
- if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
- addrlen != sizeof(thisaddr)) {
- return 1;
- }
- addrlen = sizeof(thataddr);
- if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
- addrlen != sizeof(thataddr)) {
- return 1;
- }
-
- inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost));
-
- k_getsockinst (sock, instance, sizeof(instance));
- status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
- &thataddr, &thisaddr, &auth, "", schedule,
- version);
- if (status != KSUCCESS ||
- strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) {
- return 1;
- }
- len = read_encrypted (sock, buf, sizeof(buf), &data, schedule,
- &auth.session, &thataddr, &thisaddr);
- if (len < 0) {
- write_encrypted (sock, "read_enc failed",
- sizeof("read_enc failed") - 1, schedule,
- &auth.session, &thisaddr, &thataddr);
- return 1;
- }
- if (unpack_args(data, &princ, &lifetime, locuser,
- tktfile)) {
- write_encrypted (sock, "unpack_args failed",
- sizeof("unpack_args failed") - 1, schedule,
- &auth.session, &thisaddr, &thataddr);
- return 1;
- }
-
- if( kuserok(&auth, locuser) != 0) {
- snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
- locuser, krb_unparse_name(&princ));
- syslog (LOG_ERR, buf);
- write_encrypted (sock, buf, strlen(buf), schedule,
- &auth.session, &thisaddr, &thataddr);
- return 1;
- }
- passwd = getpwnam (locuser);
- if (passwd == NULL) {
- snprintf (buf, sizeof(buf), "No user '%s'", locuser);
- syslog (LOG_ERR, buf);
- write_encrypted (sock, buf, strlen(buf), schedule,
- &auth.session, &thisaddr, &thataddr);
- return 1;
- }
- if (setgid (passwd->pw_gid) ||
- initgroups(passwd->pw_name, passwd->pw_gid) ||
- setuid(passwd->pw_uid)) {
- snprintf (buf, sizeof(buf), "Could not change user");
- syslog (LOG_ERR, buf);
- write_encrypted (sock, buf, strlen(buf), schedule,
- &auth.session, &thisaddr, &thataddr);
- return 1;
- }
- write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
- &auth.session, &thisaddr, &thataddr);
-
- if (*tktfile == 0)
- snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid());
- krb_set_tkt_string (tktfile);
-
- {
- struct remote_args arg;
-
- arg.sock = sock;
- arg.schedule = &schedule;
- arg.session = &auth.session;
- arg.me = &thisaddr;
- arg.her = &thataddr;
-
- status = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
- KRB_TICKET_GRANTING_TICKET,
- princ.realm,
- lifetime, NULL, decrypt_remote_tkt, &arg);
- }
- if (status == KSUCCESS) {
- syslog (LOG_INFO, "from %s(%s): %s -> %s",
- remotehost,
- inet_ntoa(thataddr.sin_addr),
- locuser,
- krb_unparse_name (&princ));
- write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
- &auth.session, &thisaddr, &thataddr);
- return 0;
- } else {
- snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
- syslog (LOG_NOTICE, buf);
- write_encrypted (sock, buf, strlen(buf), schedule,
- &auth.session, &thisaddr, &thataddr);
- return 1;
- }
-}
-
-int
-main (int argc, char **argv)
-{
- openlog ("kauthd", LOG_ODELAY, LOG_AUTH);
-
- if(argc > 1 && strcmp(argv[1], "-i") == 0)
- mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT)));
- return doit(STDIN_FILENO);
-}
diff --git a/kerberosIV/kauthd/mini_inetd.c b/kerberosIV/kauthd/mini_inetd.c
deleted file mode 100644
index b2452c82b06..00000000000
--- a/kerberosIV/kauthd/mini_inetd.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* $OpenBSD: mini_inetd.c,v 1.1 1998/02/18 07:10:25 art Exp $ */
-/* $KTH : mini_inetd.c,v 1.12 1997/11/02 04:14:12 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#include <stdio.h>
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-void
-mini_inetd (int port)
-{
- struct sockaddr_in sa;
- int s = socket(AF_INET, SOCK_STREAM, 0);
- int s2;
- int one = 1;
- if(s < 0){
- perror("socket");
- exit(1);
- }
-#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
- if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
- sizeof(one)) < 0){
- perror("setsockopt");
- exit(1);
- }
-#endif
- memset(&sa, 0, sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_port = port;
- sa.sin_addr.s_addr = INADDR_ANY;
- if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){
- perror("bind");
- exit(1);
- }
- if(listen(s, SOMAXCONN) < 0){
- perror("listen");
- exit(1);
- }
- s2 = accept(s, NULL, 0);
- if(s2 < 0){
- perror("accept");
- exit(1);
- }
- close(s);
- dup2(s2, STDIN_FILENO);
- dup2(s2, STDOUT_FILENO);
- /* dup2(s2, STDERR_FILENO); */
- close(s2);
-}
diff --git a/kerberosIV/kdb/Makefile b/kerberosIV/kdb/Makefile
deleted file mode 100644
index d316af871d9..00000000000
--- a/kerberosIV/kdb/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.4 1999/05/24 16:54:03 millert Exp $
-
-LIB= kdb
-CFLAGS+=-I${.CURDIR}
-SRCS= copykey.c krb_cache.c krb_dbm.c krb_kdb_utils.c krb_lib.c print_princ.c
-CFLAGS+= -DNDBM -DHAVE_NEW_DB
-
-.include <bsd.lib.mk>
diff --git a/kerberosIV/kdb/copykey.c b/kerberosIV/kdb/copykey.c
deleted file mode 100644
index ad1b703dafa..00000000000
--- a/kerberosIV/kdb/copykey.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: copykey.c,v 1.2 1997/12/12 11:29:23 art Exp $ */
-/* $KTH: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $" */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <kdb_locl.h>
-
-void
-copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi)
-{
- memcpy(lo, ((char *) in) + 0, 4);
- memcpy(hi, ((char *) in) + 4, 4);
-}
-
-void
-copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out)
-{
- memcpy(((char *)out) + 0, lo, 4);
- memcpy(((char *)out) + 4, hi, 4);
-}
diff --git a/kerberosIV/kdb/kdb_locl.h b/kerberosIV/kdb/kdb_locl.h
deleted file mode 100644
index 4bb06dc5c93..00000000000
--- a/kerberosIV/kdb/kdb_locl.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: kdb_locl.h,v 1.4 1997/12/12 11:29:23 art Exp $ */
-/* $KTH: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __kdb_locl_h
-#define __kdb_locl_h
-
-#include <kerberosIV/site.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <unistd.h>
-#include <errno.h>
-
-#include <sys/types.h>
-
-#include <sys/time.h>
-#include <time.h>
-
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <utime.h>
-#include <sys/file.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-
-/* --- */
-
-/* Globals! */
-
-/* Utils */
-
-int kerb_db_set_lockmode __P((int));
-void kerb_db_fini __P((void));
-int kerb_db_init __P((void));
-int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *));
-int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *));
-
-void delta_stat __P((DB_stat *, DB_stat *, DB_stat *));
-
-int kerb_cache_init __P((void));
-int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int));
-int kerb_cache_put_principal __P((Principal *, unsigned int));
-int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int));
-int kerb_cache_put_dba __P((Dba *, unsigned int));
-
-void krb_print_principal __P((Principal *));
-
-#endif /* __kdb_locl_h */
diff --git a/kerberosIV/kdb/krb_cache.c b/kerberosIV/kdb/krb_cache.c
deleted file mode 100644
index 0deb618b83f..00000000000
--- a/kerberosIV/kdb/krb_cache.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* $OpenBSD: krb_cache.c,v 1.5 1998/05/15 06:10:47 art Exp $ */
-/* $KTH: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * This is where a cache would be implemented, if it were necessary.
- */
-
-#include "kdb_locl.h"
-
-#ifdef DEBUG
-extern int debug;
-extern long kerb_debug;
-#endif
-static int init = 0;
-
-/*
- * initialization routine for cache
- */
-
-int
-kerb_cache_init(void)
-{
- init = 1;
- return (0);
-}
-
-/*
- * look up a principal in the cache returns number of principals found
- */
-
-int
-kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max)
- /* could have wild card */
- /* could have wild card */
-
- /* max number of name structs to return */
-
-{
- int found = 0;
-
- if (!init)
- kerb_cache_init();
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
- serv, inst, max);
-#endif /* DEBUG */
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- if (found) {
- fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
- serv, inst, principal->name, principal->instance);
- } else {
- fprintf(stderr, "cache %s %s not found\n", serv,
- inst);
- }
- }
-#endif
- return found;
-}
-
-/*
- * insert/replace a principal in the cache returns number of principals
- * inserted
- */
-
-int
-kerb_cache_put_principal(Principal *principal, unsigned int max)
-
- /* max number of principal structs to
- * insert */
-
-{
- u_long i;
- int count = 0;
-
- if (!init)
- kerb_cache_init();
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "kerb_cache_put_principal max = %d",
- max);
- }
-#endif
-
- for (i = 0; i < max; i++) {
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "\n %s %s",
- principal->name, principal->instance);
-#endif
- /* DO IT */
- count++;
- principal++;
- }
- return count;
-}
-
-/*
- * look up a dba in the cache returns number of dbas found
- */
-
-int
-kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max)
- /* could have wild card */
- /* could have wild card */
-
- /* max number of name structs to return */
-
-{
- int found = 0;
-
- if (!init)
- kerb_cache_init();
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
- serv, inst, max);
-#endif
-
-#ifdef DEBUG
- if (kerb_debug & 2) {
- if (found) {
- fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
- serv, inst, dba->name, dba->instance);
- } else {
- fprintf(stderr, "cache %s %s not found\n", serv, inst);
- }
- }
-#endif
- return found;
-}
-
-/*
- * insert/replace a dba in the cache returns number of dbas inserted
- */
-
-int
-kerb_cache_put_dba(Dba *dba, unsigned int max)
-
- /* max number of dba structs to insert */
-
-{
- u_long i;
- int count = 0;
-
- if (!init)
- kerb_cache_init();
-#ifdef DEBUG
- if (kerb_debug & 2) {
- fprintf(stderr, "kerb_cache_put_dba max = %d", max);
- }
-#endif
- for (i = 0; i < max; i++) {
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "\n %s %s",
- dba->name, dba->instance);
-#endif
- /* DO IT */
- count++;
- dba++;
- }
- return count;
-}
-
diff --git a/kerberosIV/kdb/krb_dbm.c b/kerberosIV/kdb/krb_dbm.c
deleted file mode 100644
index ceeb95ee9a4..00000000000
--- a/kerberosIV/kdb/krb_dbm.c
+++ /dev/null
@@ -1,791 +0,0 @@
-/* $OpenBSD: krb_dbm.c,v 1.7 1998/05/15 06:10:48 art Exp $ */
-/* $KTH: krb_dbm.c,v 1.31 1997/12/14 22:48:17 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "kdb_locl.h"
-
-#include <xdbm.h>
-
-#define KERB_DB_MAX_RETRY 5
-
-#ifdef DEBUG
-extern int debug;
-extern long kerb_debug;
-extern char *progname;
-#endif
-
-static int init = 0;
-static char default_db_name[] = DBM_FILE;
-static char *current_db_name = default_db_name;
-
-static struct timeval timestamp; /* current time of request */
-static int non_blocking = 0;
-
-/*
- * This module contains all of the code which directly interfaces to
- * the underlying representation of the Kerberos database; this
- * implementation uses a DBM or NDBM indexed "file" (actually
- * implemented as two separate files) to store the relations, plus a
- * third file as a semaphore to allow the database to be replaced out
- * from underneath the KDC server.
- */
-
-/*
- * Locking:
- *
- * There are two distinct locking protocols used. One is designed to
- * lock against processes (the admin_server, for one) which make
- * incremental changes to the database; the other is designed to lock
- * against utilities (kdb_util, kpropd) which replace the entire
- * database in one fell swoop.
- *
- * The first locking protocol is implemented using flock() in the
- * krb_dbl_lock() and krb_dbl_unlock routines.
- *
- * The second locking protocol is necessary because DBM "files" are
- * actually implemented as two separate files, and it is impossible to
- * atomically rename two files simultaneously. It assumes that the
- * database is replaced only very infrequently in comparison to the time
- * needed to do a database read operation.
- *
- * A third file is used as a "version" semaphore; the modification
- * time of this file is the "version number" of the database.
- * At the start of a read operation, the reader checks the version
- * number; at the end of the read operation, it checks again. If the
- * version number changed, or if the semaphore was nonexistant at
- * either time, the reader sleeps for a second to let things
- * stabilize, and then tries again; if it does not succeed after
- * KERB_DB_MAX_RETRY attempts, it gives up.
- *
- * On update, the semaphore file is deleted (if it exists) before any
- * update takes place; at the end of the update, it is replaced, with
- * a version number strictly greater than the version number which
- * existed at the start of the update.
- *
- * If the system crashes in the middle of an update, the semaphore
- * file is not automatically created on reboot; this is a feature, not
- * a bug, since the database may be inconsistant. Note that the
- * absence of a semaphore file does not prevent another _update_ from
- * taking place later. Database replacements take place automatically
- * only on slave servers; a crash in the middle of an update will be
- * fixed by the next slave propagation. A crash in the middle of an
- * update on the master would be somewhat more serious, but this would
- * likely be noticed by an administrator, who could fix the problem and
- * retry the operation.
- */
-
-
-/*
- * Utility routine: generate name of database file.
- */
-
-static char *
-gen_dbsuffix(char *db_name, char *sfx)
-{
- char *dbsuffix;
-
- if (sfx == NULL)
- sfx = ".ok";
-
- asprintf (&dbsuffix, "%s%s", db_name, sfx);
- if (dbsuffix == NULL) { /* This might not be the nest solution */
- fprintf(stderr, "gen_dbsuffix: not enough memory\n");
- exit(1);
- }
- return dbsuffix;
-}
-
-static void
-decode_princ_key(datum *key, char *name, char *instance)
-{
- strncpy(name, key->dptr, ANAME_SZ);
- strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ);
- name[ANAME_SZ - 1] = '\0';
- instance[INST_SZ - 1] = '\0';
-}
-
-static void
-encode_princ_contents(datum *contents, Principal *principal)
-{
- contents->dsize = sizeof(*principal);
- contents->dptr = (char *) principal;
-}
-
-static void
-decode_princ_contents (datum *contents, Principal *principal)
-{
- memcpy(principal, contents->dptr, sizeof(*principal));
-}
-
-static void
-encode_princ_key (datum *key, char *name, char *instance)
-{
- static char keystring[ANAME_SZ + INST_SZ];
-
- memset(keystring, 0, ANAME_SZ + INST_SZ);
- strncpy(keystring, name, ANAME_SZ);
- strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
- key->dptr = keystring;
- key->dsize = ANAME_SZ + INST_SZ;
-}
-
-static int dblfd = -1; /* db LOCK fd */
-static int mylock = 0;
-static int inited = 0;
-
-static int
-kerb_dbl_init(void)
-{
- if (!inited) {
- char *filename = gen_dbsuffix (current_db_name, ".ok");
- if ((dblfd = open(filename, O_RDWR)) < 0) {
- fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
- fflush(stderr);
- perror("open");
- exit(1);
- }
- free(filename);
- filename = NULL;
- inited++;
- }
- return 0;
-}
-
-static void
-kerb_dbl_fini(void)
-{
- close(dblfd);
- dblfd = -1;
- inited = 0;
- mylock = 0;
-}
-
-static int
-kerb_dbl_lock(int mode)
-{
- int flock_mode;
-
- if (!inited)
- kerb_dbl_init();
- if (mylock) { /* Detect lock call when lock already
- * locked */
- fprintf(stderr, "Kerberos locking error (mylock)\n");
- fflush(stderr);
- exit(1);
- }
- switch (mode) {
- case KERB_DBL_EXCLUSIVE:
- flock_mode = K_LOCK_EX;
- break;
- case KERB_DBL_SHARED:
- flock_mode = K_LOCK_SH;
- break;
- default:
- fprintf(stderr, "invalid lock mode %d\n", mode);
- abort();
- }
- if (non_blocking)
- flock_mode |= K_LOCK_NB;
-
- if (flock(dblfd, flock_mode) < 0)
- return errno;
- mylock++;
- return 0;
-}
-
-static void
-kerb_dbl_unlock(void)
-{
- if (!mylock) { /* lock already unlocked */
- fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
- fflush(stderr);
- exit(1);
- }
- if (flock(dblfd, K_LOCK_UN) < 0) {
- fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
- fflush(stderr);
- perror("flock");
- exit(1);
- }
- mylock = 0;
-}
-
-int
-kerb_db_set_lockmode(int mode)
-{
- int old = non_blocking;
- non_blocking = mode;
- return old;
-}
-
-/*
- * initialization for data base routines.
- */
-
-int
-kerb_db_init(void)
-{
- init = 1;
- return (0);
-}
-
-/*
- * gracefully shut down database--must be called by ANY program that does
- * a kerb_db_init
- */
-
-void
-kerb_db_fini(void)
-{
-}
-
-/*
- * Set the "name" of the current database to some alternate value.
- *
- * Passing a null pointer as "name" will set back to the default.
- * If the alternate database doesn't exist, nothing is changed.
- */
-
-int
-kerb_db_set_name(char *name)
-{
- DBM *db;
-
- if (name == NULL)
- name = default_db_name;
- db = dbm_open(name, 0, 0);
- if (db == NULL)
- return errno;
- dbm_close(db);
- kerb_dbl_fini();
- current_db_name = name;
- return 0;
-}
-
-/*
- * Return the last modification time of the database.
- */
-
-time_t
-kerb_get_db_age(void)
-{
- struct stat st;
- char *okname;
- time_t age;
-
- okname = gen_dbsuffix(current_db_name, ".ok");
-
- if (stat (okname, &st) < 0)
- age = 0;
- else
- age = st.st_mtime;
-
- free (okname);
- okname = NULL;
- return age;
-}
-
-/*
- * Remove the semaphore file; indicates that database is currently
- * under renovation.
- *
- * This is only for use when moving the database out from underneath
- * the server (for example, during slave updates).
- */
-
-static time_t
-kerb_start_update(char *db_name)
-{
- char *okname = gen_dbsuffix(db_name, ".ok");
- time_t age = kerb_get_db_age();
-
- if (unlink(okname) < 0
- && errno != ENOENT) {
- age = -1;
- }
- free (okname);
- okname = NULL;
- return age;
-}
-
-static int
-kerb_end_update(char *db_name, time_t age)
-{
- int fd;
- int retval = 0;
- char *new_okname = gen_dbsuffix(db_name, ".ok#");
- char *okname = gen_dbsuffix(db_name, ".ok");
-
- fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
- if (fd < 0)
- retval = errno;
- else {
- struct stat st;
- struct utimbuf tv;
- /* make sure that semaphore is "after" previous value. */
- if (fstat (fd, &st) == 0
- && st.st_mtime <= age) {
- tv.actime = st.st_atime;
- tv.modtime = age;
- /* set times.. */
- utime (new_okname, &tv);
- fsync(fd);
- }
- close(fd);
- if (rename (new_okname, okname) < 0)
- retval = errno;
- }
-
- free (new_okname);
- new_okname = NULL;
- free (okname);
- okname = NULL;
-
- return retval;
-}
-
-static time_t
-kerb_start_read(void)
-{
- return kerb_get_db_age();
-}
-
-static int
-kerb_end_read(time_t age)
-{
- if (kerb_get_db_age() != age || age == -1) {
- return -1;
- }
- return 0;
-}
-
-/*
- * Create the database, assuming it's not there.
- */
-int
-kerb_db_create(char *db_name)
-{
- char *okname = gen_dbsuffix(db_name, ".ok");
- int fd;
- int ret = 0;
-#ifdef NDBM
- DBM *db;
-
- db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (db == NULL)
- ret = errno;
- else
- dbm_close(db);
-#else
- char *dirname = gen_dbsuffix(db_name, ".dir");
- char *pagname = gen_dbsuffix(db_name, ".pag");
-
- fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ret = errno;
- else {
- close(fd);
- fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd < 0)
- ret = errno;
- else
- close(fd);
- }
- if (dbminit(db_name) < 0)
- ret = errno;
-#endif
- if (ret == 0) {
- fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
- if (fd < 0)
- ret = errno;
- close(fd);
- }
- return ret;
-}
-
-/*
- * "Atomically" rename the database in a way that locks out read
- * access in the middle of the rename.
- *
- * Not perfect; if we crash in the middle of an update, we don't
- * necessarily know to complete the transaction the rename, but...
- */
-
-int
-kerb_db_rename(char *from, char *to)
-{
-#ifdef HAVE_NEW_DB
- char *fromdb = gen_dbsuffix (from, ".db");
- char *todb = gen_dbsuffix (to, ".db");
-#else
- char *fromdir = gen_dbsuffix (from, ".dir");
- char *todir = gen_dbsuffix (to, ".dir");
- char *frompag = gen_dbsuffix (from , ".pag");
- char *topag = gen_dbsuffix (to, ".pag");
-#endif
- char *fromok = gen_dbsuffix(from, ".ok");
- long trans = kerb_start_update(to);
- int ok = 0;
-
-#ifdef HAVE_NEW_DB
- if (rename (fromdb, todb) == 0) {
- unlink (fromok);
- ok = 1;
- }
- free (fromdb);
- fromdb = NULL;
- free (todb);
- todb = NULL;
-#else
- if ((rename (fromdir, todir) == 0)
- && (rename (frompag, topag) == 0)) {
- unlink (fromok);
- ok = 1;
- }
- free (fromdir);
- fromdir = NULL;
- free (todir);
- todir = NULL;
- free (frompag);
- frompag = NULL;
- free (topag);
- topag = NULL;
-#endif
- free (fromok);
- fromok = NULL;
- if (ok)
- return kerb_end_update(to, trans);
- else
- return -1;
-}
-
-int
-kerb_db_delete_principal (char *name, char *inst)
-{
- DBM *db;
- int try;
- int done = 0;
- int code;
- datum key;
-
- if(!init)
- kerb_db_init();
-
- for(try = 0; try < KERB_DB_MAX_RETRY; try++){
- if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDWR, 0600);
- if(db == NULL)
- return -1;
- encode_princ_key(&key, name, inst);
- if(dbm_delete(db, key) == 0)
- done = 1;
-
- dbm_close(db);
- kerb_dbl_unlock();
- if(done)
- break;
- if(!non_blocking)
- sleep(1);
- }
- if(!done)
- return -1;
- return 0;
-}
-
-
-/*
- * look up a principal in the data base returns number of principals
- * found , and whether there were more than requested.
- */
-
-int
-kerb_db_get_principal (char *name, char *inst, Principal *principal,
- unsigned int max, int *more)
-{
- int found = 0, code;
- int wildp, wildi;
- datum key, contents;
- char testname[ANAME_SZ], testinst[INST_SZ];
- u_long trans;
- int try;
- DBM *db;
-
- if (!init)
- kerb_db_init(); /* initialize database routines */
-
- for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
- trans = kerb_start_read();
-
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return -1;
-
- db = dbm_open(current_db_name, O_RDONLY, 0600);
-
- *more = 0;
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr,
- "%s: db_get_principal for %s %s max = %d",
- progname, name, inst, max);
-#endif
-
- wildp = !strcmp(name, "*");
- wildi = !strcmp(inst, "*");
-
- if (!wildi && !wildp) { /* nothing's wild */
- encode_princ_key(&key, name, inst);
- contents = dbm_fetch(db, key);
- if (contents.dptr == NULL) {
- found = 0;
- goto done;
- }
- decode_princ_contents(&contents, principal);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
- principal->name, principal->instance,
- strlen(principal->name),
- strlen(principal->instance));
- }
-#endif
- found = 1;
- goto done;
- }
- /* process wild cards by looping through entire database */
-
- for (key = dbm_firstkey(db); key.dptr != NULL;
- key = dbm_next(db, key)) {
- decode_princ_key(&key, testname, testinst);
- if ((wildp || !strcmp(testname, name)) &&
- (wildi || !strcmp(testinst, inst))) { /* have a match */
- if (found >= max) {
- *more = 1;
- goto done;
- } else {
- found++;
- contents = dbm_fetch(db, key);
- decode_princ_contents(&contents, principal);
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr,
- "\tfound %s %s p_n length %d t_n length %d\n",
- principal->name, principal->instance,
- strlen(principal->name),
- strlen(principal->instance));
- }
-#endif
- principal++; /* point to next */
- }
- }
- }
-
- done:
- kerb_dbl_unlock(); /* unlock read lock */
- dbm_close(db);
- if (kerb_end_read(trans) == 0)
- break;
- found = -1;
- if (!non_blocking)
- sleep(1);
- }
- return (found);
-}
-
-/* Use long * rather than DBM * so that the database structure is private */
-
-long *
-kerb_db_begin_update(void)
-{
- int code;
-
- gettimeofday(&timestamp, NULL);
-
- if (!init)
- kerb_db_init();
-
- if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
- return 0;
-
- return (long *) dbm_open(current_db_name, O_RDWR, 0600);
-}
-
-void
-kerb_db_end_update(long *db)
-{
- dbm_close((DBM *)db);
- kerb_dbl_unlock(); /* unlock database */
-}
-
-int
-kerb_db_update(long *db, Principal *principal, unsigned int max)
-{
- int found = 0;
- u_long i;
- datum key, contents;
-
-#ifdef DEBUG
- if (kerb_debug & 2)
- fprintf(stderr, "%s: kerb_db_put_principal max = %d",
- progname, max);
-#endif
-
- /* for each one, stuff temps, and do replace/append */
- for (i = 0; i < max; i++) {
- encode_princ_contents(&contents, principal);
- encode_princ_key(&key, principal->name, principal->instance);
- if(dbm_store((DBM *)db, key, contents, DBM_REPLACE) < 0)
- return found; /* XXX some better mechanism to report
- failure should exist */
-#ifdef DEBUG
- if (kerb_debug & 1) {
- fprintf(stderr, "\n put %s %s\n",
- principal->name, principal->instance);
- }
-#endif
- found++;
- principal++; /* bump to next struct */
- }
- return found;
-}
-
-/*
- * Update a name in the data base. Returns number of names
- * successfully updated.
- */
-
-int
-kerb_db_put_principal(Principal *principal,
- unsigned max)
-
-{
- int found;
- long *db;
-
- db = kerb_db_begin_update();
- if (db == 0)
- return -1;
-
- found = kerb_db_update(db, principal, max);
-
- kerb_db_end_update(db);
- return (found);
-}
-
-void
-kerb_db_get_stat(DB_stat *s)
-{
- gettimeofday(&timestamp, NULL);
-
- s->cpu = 0;
- s->elapsed = 0;
- s->dio = 0;
- s->pfault = 0;
- s->t_stamp = timestamp.tv_sec;
- s->n_retrieve = 0;
- s->n_replace = 0;
- s->n_append = 0;
- s->n_get_stat = 0;
- s->n_put_stat = 0;
- /* update local copy too */
-}
-
-void
-kerb_db_put_stat(DB_stat *s)
-{
-}
-
-void
-delta_stat(DB_stat *a, DB_stat *b, DB_stat *c)
-{
- /* c = a - b then b = a for the next time */
-
- c->cpu = a->cpu - b->cpu;
- c->elapsed = a->elapsed - b->elapsed;
- c->dio = a->dio - b->dio;
- c->pfault = a->pfault - b->pfault;
- c->t_stamp = a->t_stamp - b->t_stamp;
- c->n_retrieve = a->n_retrieve - b->n_retrieve;
- c->n_replace = a->n_replace - b->n_replace;
- c->n_append = a->n_append - b->n_append;
- c->n_get_stat = a->n_get_stat - b->n_get_stat;
- c->n_put_stat = a->n_put_stat - b->n_put_stat;
-
- memcpy(b, a, sizeof(DB_stat));
-}
-
-/*
- * look up a dba in the data base returns number of dbas found , and
- * whether there were more than requested.
- */
-
-int
-kerb_db_get_dba(char *dba_name, /* could have wild card */
- char *dba_inst, /* could have wild card */
- Dba *dba,
- unsigned max, /* max number of name structs to return */
- int *more) /* where there more than 'max' tuples? */
-{
- *more = 0;
- return (0);
-}
-
-int
-kerb_db_iterate (k_iter_proc_t func, void *arg)
-{
- datum key, contents;
- Principal *principal;
- int code;
- DBM *db;
-
- kerb_db_init(); /* initialize and open the database */
- if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
- return code;
-
- db = dbm_open(current_db_name, O_RDONLY, 0600);
-
- for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
- contents = dbm_fetch (db, key);
- /* XXX may not be properly aligned */
- principal = (Principal *) contents.dptr;
- if ((code = (*func)(arg, principal)) != 0)
- return code;
- }
- dbm_close(db);
- kerb_dbl_unlock();
- return 0;
-}
diff --git a/kerberosIV/kdb/krb_kdb_utils.c b/kerberosIV/kdb/krb_kdb_utils.c
deleted file mode 100644
index 439cb89e01a..00000000000
--- a/kerberosIV/kdb/krb_kdb_utils.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* $OpenBSD: krb_kdb_utils.c,v 1.5 1999/05/07 15:40:09 deraadt Exp $ */
-/* $KTH: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Utility routines for Kerberos programs which directly access
- * the database. This code was duplicated in too many places
- * before I gathered it here.
- *
- * Jon Rochlis, MIT Telecom, March 1988
- */
-
-#include "kdb_locl.h"
-
-#include <kdc.h>
-
-/* always try /.k for backwards compatibility */
-static char *master_key_files[] = { MKEYFILE, "/.k", NULL };
-
-#define k_strerror(e) strerror(e)
-
-int
-kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule)
-{
- int kfile;
- int i;
- char buf[1024];
-
- char **mkey;
-
- for(mkey = master_key_files; *mkey; mkey++){
- kfile = open(*mkey, O_RDONLY);
- if(kfile < 0 && errno != ENOENT)
- fprintf(stderr, "Failed to open master key file \"%s\": %s\n",
- *mkey,
- k_strerror(errno));
- if(kfile >= 0)
- break;
- }
- if(*mkey != NULL){
- int bytes;
- bytes = read(kfile, (char*)key, sizeof(des_cblock));
- close(kfile);
- if(bytes == sizeof(des_cblock)){
- des_key_sched(key, schedule);
- return 0;
- }
- fprintf(stderr, "Could only read %d bytes from master key file %s\n",
- bytes, *mkey);
- }else{
- fprintf(stderr, "No master key file found.\n");
- }
-
-
- i=0;
- while(i < 3){
- if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0))
- break;
-
- /* buffer now contains either an old format master key password or a
- * new format base64 encoded master key
- */
-
- /* try to verify as old password */
- des_string_to_key(buf, key);
- des_key_sched(key, schedule);
-
- if(kdb_verify_master_key(key, schedule, NULL) != -1){
- memset(buf, 0, sizeof(buf));
- return 0;
- }
-
- /* failed test, so must be base64 encoded */
-
- if(base64_decode(buf, key) == 8){
- des_key_sched(key, schedule);
- if(kdb_verify_master_key(key, schedule, NULL) != -1){
- memset(buf, 0, sizeof(buf));
- return 0;
- }
- }
-
- memset(buf, 0, sizeof(buf));
- fprintf(stderr, "Failed to verify master key.\n");
- i++;
- }
-
- /* life sucks */
- fprintf(stderr, "You lose.\n");
- exit(1);
-}
-
-int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule,
- int verify)
-{
-#ifndef RANDOM_MKEY
- des_read_password(key, "\nEnter Kerberos master password: ", verify);
- printf ("\n");
-#else
- char buf[1024];
- des_generate_random_block (key);
- des_key_sched(key, schedule);
-
- des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0);
- des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key);
- memset(buf, 0, sizeof(buf));
-#endif
- des_key_sched(key, schedule);
- return 0;
-}
-
-int kdb_get_master_key(int prompt, des_cblock *master_key,
- des_key_schedule master_key_sched)
-{
- int ask = (prompt == KDB_GET_TWICE);
-#ifndef RANDOM_MKEY
- ask |= (prompt == KDB_GET_PROMPT);
-#endif
-
- if(ask)
- kdb_new_get_new_master_key(master_key, master_key_sched,
- prompt == KDB_GET_TWICE);
- else
- kdb_new_get_master_key(master_key, master_key_sched);
- return 0;
-}
-
-int kdb_kstash(des_cblock *master_key, char *file)
-{
- int kfile;
- kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600);
- if (kfile < 0) {
- return -1;
- }
- if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) {
- close(kfile);
- return -1;
- }
- close(kfile);
- return 0;
-}
-
-/* The old algorithm used the key schedule as the initial vector which
- was byte order depedent ... */
-
-void
-kdb_encrypt_key (des_cblock (*in), des_cblock (*out),
- des_cblock (*master_key),
- des_key_schedule master_key_sched, int e_d_flag)
-{
-#ifdef NOENCRYPTION
- memcpy(out, in, sizeof(des_cblock));
-#else
- des_pcbc_encrypt(in, out, (long)sizeof(des_cblock), master_key_sched,
- master_key, e_d_flag);
-#endif
-}
-
-/* The caller is reasponsible for cleaning up the master key and sched,
- even if we can't verify the master key */
-
-/* Returns master key version if successful, otherwise -1 */
-
-long
-kdb_verify_master_key (des_cblock *master_key,
- des_key_schedule master_key_sched,
- FILE *out) /* NULL -> no output */
-{
- des_cblock key_from_db;
- Principal principal_data[1];
- int n, more = 0;
- long master_key_version;
-
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more) {
- if (out != (FILE *) NULL)
- fprintf(out,
- "verify_master_key: %s, %d found.\n",
- "Kerberos error on master key version lookup",
- n);
- return (-1);
- }
-
- master_key_version = (long) principal_data[0].key_version;
-
- /* set up the master key */
- if (out != (FILE *) NULL) /* should we punt this? */
- fprintf(out, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt the key in the db, had better
- * be the same!
- */
- copy_to_key(&principal_data[0].key_low,
- &principal_data[0].key_high,
- key_from_db);
- kdb_encrypt_key (&key_from_db, &key_from_db,
- master_key, master_key_sched, DES_DECRYPT);
-
- /* the decrypted database key had better equal the master key */
- n = memcmp(master_key, key_from_db, sizeof(master_key));
- /* this used to zero the master key here! */
- memset(key_from_db, 0, sizeof(key_from_db));
- memset(principal_data, 0, sizeof (principal_data));
-
- if (n && (out != (FILE *) NULL)) {
- fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
- fprintf(out, "does not match database.\n");
- }
- if(n)
- return (-1);
-
- if (out != (FILE *) NULL) {
- fprintf(out, "\nMaster key entered. BEWARE!\07\07\n");
- fflush(out);
- }
-
- return master_key_version;
-}
diff --git a/kerberosIV/kdb/krb_lib.c b/kerberosIV/kdb/krb_lib.c
deleted file mode 100644
index d5884580b0d..00000000000
--- a/kerberosIV/kdb/krb_lib.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/* $OpenBSD: krb_lib.c,v 1.6 1998/05/15 06:10:51 art Exp $ */
-/* $KTH: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "kdb_locl.h"
-
-#ifdef DEBUG
-extern int debug;
-extern char *progname;
-long kerb_debug;
-#endif
-
-static int init = 0;
-
-/*
- * initialization routine for data base
- */
-
-int
-kerb_init(void)
-{
-#ifdef DEBUG
- if (!init) {
- char *dbg = getenv("KERB_DBG");
- if (dbg)
- sscanf(dbg, "%d", &kerb_debug);
- init = 1;
- }
-#endif
- kerb_db_init();
-
-#ifdef CACHE
- kerb_cache_init();
-#endif
-
- /* successful init, return 0, else errcode */
- return (0);
-}
-
-/*
- * finalization routine for database -- NOTE: MUST be called by any
- * program using kerb_init. ALSO will have to be modified to finalize
- * caches, if they're ever really implemented.
- */
-
-void
-kerb_fini(void)
-{
- kerb_db_fini();
-}
-
-
-int
-kerb_delete_principal(char *name, char *inst)
-{
- int ret;
-
- if (!init)
- kerb_init();
-
- ret = kerb_db_delete_principal(name, inst);
-#ifdef CACHE
- if(ret == 0){
- kerb_cache_delete_principal(name, inst);
- }
-#endif
- return ret;
-}
-
-
-/*
- * look up a principal in the cache or data base returns number of
- * principals found
- */
-
-int
-kerb_get_principal(char *name, char *inst, Principal *principal,
- unsigned int max, int *more)
- /* could have wild card */
- /* could have wild card */
-
- /* max number of name structs to return */
- /* more tuples than room for */
-
-{
- int found = 0;
-#ifdef CACHE
- static int wild = 0;
-#endif
- if (!init)
- kerb_init();
-
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
- progname, name, inst, max);
-#endif
-
- /*
- * if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
- */
-
- /* clear the principal area */
- memset(principal, 0, max * sizeof(Principal));
-
-#ifdef CACHE
- /*
- * so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
- */
- wild = 0;
- if (index(name, '*') || index(name, '?') ||
- index(inst, '*') || index(inst, '?'))
- wild = 1;
-
- if (!wild) {
- /* try the cache first */
- found = kerb_cache_get_principal(name, inst, principal, max, more);
- if (found)
- return (found);
- }
-#endif
- /* If we didn't try cache, or it wasn't there, try db */
- found = kerb_db_get_principal(name, inst, principal, max, more);
- /* try to insert principal(s) into cache if it was found */
-#ifdef CACHE
- if (found) {
- kerb_cache_put_principal(principal, found);
- }
-#endif
- return (found);
-}
-
-/* principals */
-int
-kerb_put_principal(Principal *principal, unsigned int n)
-
- /* number of principal structs to write */
-{
- struct tm *tp;
-
- /* set mod date */
- principal->mod_date = time((time_t *)0);
- /* and mod date string */
-
- tp = k_localtime(&principal->mod_date);
- snprintf(principal->mod_date_txt,
- sizeof(principal->mod_date_txt),
- "%4d-%2d-%2d",
- tp->tm_year + 1900,
- tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
-#ifdef DEBUG
- if (kerb_debug & 1) {
- int i;
- fprintf(stderr, "\nkerb_put_principal...");
- for (i = 0; i < n; i++) {
- krb_print_principal(&principal[i]);
- }
- }
-#endif
- /* write database */
- if (kerb_db_put_principal(principal, n) < 0) {
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
- /* watch out for cache */
-#endif
- return -1;
- }
-#ifdef CACHE
- /* write cache */
- if (!kerb_cache_put_principal(principal, n)) {
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
-#endif
- return -1;
- }
-#endif
- return 0;
-}
-
-int
-kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more)
- /* could have wild card */
- /* could have wild card */
-
- /* max number of name structs to return */
- /* more tuples than room for */
-
-{
- int found = 0;
-#ifdef CACHE
- static int wild = 0;
-#endif
- if (!init)
- kerb_init();
-
-#ifdef DEBUG
- if (kerb_debug & 1)
- fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
- progname, name, inst, max);
-#endif
- /*
- * if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
- */
-
- /* clear the dba area */
- memset(dba, 0, max * sizeof(Dba));
-
-#ifdef CACHE
- /*
- * so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
- */
-
- wild = 0;
- if (index(name, '*') || index(name, '?') ||
- index(inst, '*') || index(inst, '?'))
- wild = 1;
-
- if (!wild) {
- /* try the cache first */
- found = kerb_cache_get_dba(name, inst, dba, max, more);
- if (found)
- return (found);
- }
-#endif
- /* If we didn't try cache, or it wasn't there, try db */
- found = kerb_db_get_dba(name, inst, dba, max, more);
-#ifdef CACHE
- /* try to insert dba(s) into cache if it was found */
- if (found) {
- kerb_cache_put_dba(dba, found);
- }
-#endif
- return found;
-}
diff --git a/kerberosIV/kdb/print_princ.c b/kerberosIV/kdb/print_princ.c
deleted file mode 100644
index d9182e08d26..00000000000
--- a/kerberosIV/kdb/print_princ.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $OpenBSD: print_princ.c,v 1.4 1998/05/15 06:10:52 art Exp $ */
-/* $KTH: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "kdb_locl.h"
-
-void
-krb_print_principal(Principal *a_n)
-{
- struct tm *time_p;
-
- /* run-time database does not contain string versions */
- time_p = k_localtime(&(a_n->exp_date));
-
- fprintf(stderr,
- "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x",
- a_n->name, a_n->instance,
- time_p->tm_year + 1900,
- time_p->tm_mon + 1, time_p->tm_mday,
- time_p->tm_hour, time_p->tm_min,
- a_n->max_life, 5 * a_n->max_life, a_n->attributes);
-
- fprintf(stderr,
- "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %ld\n",
- a_n->key_version, (long)a_n->key_low, (long)a_n->key_high,
- a_n->kdc_key_ver, (long)a_n->old);
-
- fflush(stderr);
-}
diff --git a/kerberosIV/kdb/shlib_version b/kerberosIV/kdb/shlib_version
deleted file mode 100644
index 3066b9771e7..00000000000
--- a/kerberosIV/kdb/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=5
-minor=0
diff --git a/kerberosIV/kdb_destroy/Makefile b/kerberosIV/kdb_destroy/Makefile
deleted file mode 100644
index b2db756c887..00000000000
--- a/kerberosIV/kdb_destroy/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.2 1999/06/22 11:27:01 art Exp $
-
-PROG= kdb_destroy
-MAN= kdb_destroy.8
-CFLAGS+= -DHAVE_NEW_DB
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kdb_destroy/kdb_destroy.8 b/kerberosIV/kdb_destroy/kdb_destroy.8
deleted file mode 100644
index 01317256574..00000000000
--- a/kerberosIV/kdb_destroy/kdb_destroy.8
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kdb_destroy.8,v 1.4 1998/02/25 15:50:45 art Exp $
-.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_destroy \- destroy Kerberos key distribution center database
-.SH SYNOPSIS
-kdb_destroy
-.SH DESCRIPTION
-.I kdb_destroy
-deletes a Kerberos key distribution center database.
-.PP
-The user is prompted to verify that the database should be destroyed. A
-response beginning with `y' or `Y' confirms deletion.
-Any other response aborts deletion.
-.SH DIAGNOSTICS
-.TP 20n
-"Database cannot be deleted at /etc/kerberosIV/principal"
-The attempt to delete the database failed (probably due to a system or
-access permission error).
-.TP
-"Database not deleted."
-The user aborted the deletion.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-DBM files containing database
-.SH SEE ALSO
-kdb_init(8)
diff --git a/kerberosIV/kdb_destroy/kdb_destroy.c b/kerberosIV/kdb_destroy/kdb_destroy.c
deleted file mode 100644
index 36a1bd80403..00000000000
--- a/kerberosIV/kdb_destroy/kdb_destroy.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* $OpenBSD: kdb_destroy.c,v 1.4 1998/02/18 11:53:48 art Exp $ */
-/* $KTH: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-#include "adm_locl.h"
-
-int
-main(int argc, char **argv)
-{
- char answer[10]; /* user input */
- char dbm[256]; /* database path and name */
- char dbm1[256]; /* database path and name */
-#ifdef HAVE_NEW_DB
- char *file; /* database file names */
-#else
- char *file1, *file2; /* database file names */
-#endif
-
- strncpy(dbm, DBM_FILE, sizeof(dbm) - 5);
- dbm[sizeof(dbm) - 5] = '\0';
-#ifdef HAVE_NEW_DB
- file = strcat(dbm, ".db");
- file[sizeof(dbm) - 1] = '\0';
-#else
- strncpy(dbm1, DBM_FILE, sizeof(dbm) - 5);
- file1 = strcat(dbm, ".dir");
- file1[sizeof(dbm) - 1] = '\0';
- file2 = strcat(dbm1, ".pag");
- file2[sizeof(dbm) - 1] = '\0';
-#endif
-
- printf("You are about to destroy the Kerberos database ");
- printf("on this machine.\n");
- printf("Are you sure you want to do this (y/n)? ");
- fgets(answer, sizeof(answer), stdin);
-
- if (answer[0] == 'y' || answer[0] == 'Y') {
-#ifdef HAVE_NEW_DB
- if (unlink(file) == 0)
-#else
- if (unlink(file1) == 0 && unlink(file2) == 0)
-#endif
- {
- warnx ("Database deleted at %s", DBM_FILE);
- return 0;
- }
- else
- warn ("Database cannot be deleted at %s", DBM_FILE);
- } else
- warnx ("Database not deleted at %s", DBM_FILE);
- return 1;
-}
diff --git a/kerberosIV/kdb_edit/Makefile b/kerberosIV/kdb_edit/Makefile
deleted file mode 100644
index 7c4e43feaa6..00000000000
--- a/kerberosIV/kdb_edit/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.2 1997/12/17 10:21:26 art Exp $
-
-PROG= kdb_edit
-SRCS= kdb_edit.c
-CFLAGS+=-I${.CURDIR}
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= kdb_edit.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kdb_edit/kdb_edit.8 b/kerberosIV/kdb_edit/kdb_edit.8
deleted file mode 100644
index 34187a5a5b1..00000000000
--- a/kerberosIV/kdb_edit/kdb_edit.8
+++ /dev/null
@@ -1,77 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kdb_edit.8,v 1.4 1998/02/25 15:50:47 art Exp $
-.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_edit \- Kerberos key distribution center database editing utility
-.SH SYNOPSIS
-kdb_edit [
-.B \-n
-]
-.SH DESCRIPTION
-.I kdb_edit
-is used to create or change principals stored in the Kerberos key
-distribution center (KDC) database.
-.PP
-When executed,
-.I kdb_edit
-prompts for the master key string and verifies that it matches the
-master key stored in the database.
-If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-Once the master key has been verified,
-.I kdb_edit
-begins a prompt loop. The user is prompted for the principal and
-instance to be modified. If the entry is not found the user may create
-it.
-Once an entry is found or created, the user may set the password,
-expiration date, maximum ticket lifetime, and attributes.
-Default expiration dates, maximum ticket lifetimes, and attributes are
-presented in brackets; if the user presses return the default is selected.
-There is no default password.
-The password RANDOM is interpreted specially, and if entered
-the user may have the program select a random DES key for the
-principal.
-.PP
-Upon successfully creating or changing the entry, ``Edit O.K.'' is
-printed.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-DBM files containing database
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
diff --git a/kerberosIV/kdb_edit/kdb_edit.c b/kerberosIV/kdb_edit/kdb_edit.c
deleted file mode 100644
index 8f3d42fd9a6..00000000000
--- a/kerberosIV/kdb_edit/kdb_edit.c
+++ /dev/null
@@ -1,433 +0,0 @@
-/* $OpenBSD: kdb_edit.c,v 1.4 1997/12/17 10:21:26 art Exp $ */
-/* $KTH: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-/*
- * This routine changes the Kerberos encryption keys for principals,
- * i.e., users or services.
- */
-
-/*
- * exit returns 0 ==> success -1 ==> error
- */
-
-#include "adm_locl.h"
-
-#ifdef DEBUG
-extern kerb_debug;
-#endif
-
-#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
-
-static int nflag = 0;
-static int debug;
-
-static des_cblock new_key;
-
-static int i, j;
-static int more;
-
-static char input_name[ANAME_SZ];
-static char input_instance[INST_SZ];
-
-#define MAX_PRINCIPAL 10
-static Principal principal_data[MAX_PRINCIPAL];
-
-static Principal old_principal;
-static Principal default_princ;
-
-static des_cblock master_key;
-static des_cblock session_key;
-static des_key_schedule master_key_schedule;
-static char pw_str[255];
-static long master_key_version;
-
-static char progname[]="kdb_edit";
-
-time_t
-tm2time (struct tm tm, int local)
-{
- time_t t;
-
- tm.tm_isdst = -1;
-
- t = mktime (&tm);
-
- if (!local)
- t += t - mktime (gmtime (&t));
- return t;
-}
-
-static void
-Usage(void)
-{
- fprintf(stderr, "Usage: %s [-n]\n", progname);
- exit(1);
-}
-
-static char *
-n_gets(char *buf, int size)
-{
- char *p;
- char *ret;
- ret = fgets(buf, size, stdin);
-
- if (ret && (p = strchr(buf, '\n')))
- *p = 0;
- return ret;
-}
-
-
-static int
-change_principal(void)
-{
- static char temp[255];
- int creating = 0;
- int editpw = 0;
- int changed = 0;
- long temp_long; /* Don't change to int32_t, used by scanf */
- int n;
- struct tm *tp, edate;
-
- fprintf(stdout, "\nPrincipal name: ");
- fflush(stdout);
- if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0')
- return 0;
- fprintf(stdout, "Instance: ");
- fflush(stdout);
- /* instance can be null */
- n_gets(input_instance, sizeof(input_instance));
- j = kerb_get_principal(input_name, input_instance, principal_data,
- MAX_PRINCIPAL, &more);
- if (!j) {
- fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
- fflush(stdout);
- n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */
- if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
- return -1;
- /* make a new principal, fill in defaults */
- j = 1;
- creating = 1;
- strncpy(principal_data[0].name, input_name, ANAME_SZ - 1);
- principal_data[0].name[ANAME_SZ - 1] = '\0';
- strncpy(principal_data[0].instance, input_instance, INST_SZ - 1);
- principal_data[0].instance[INST_SZ - 1] = '\0';
-
- principal_data[0].old = NULL;
- principal_data[0].exp_date = default_princ.exp_date;
- if (strcmp(input_instance, "admin") == 0)
- principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/
- else if (strcmp(input_instance, "root") == 0)
- principal_data[0].max_life = 96; /* 8 hours */
- else
- principal_data[0].max_life = default_princ.max_life;
- principal_data[0].attributes = default_princ.attributes;
- principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
- principal_data[0].key_version = 0; /* bumped up later */
- }
- tp = k_localtime(&principal_data[0].exp_date);
- snprintf(principal_data[0].exp_date_txt,
- sizeof(principal_data[0].exp_date_txt),
- "%4d-%02d-%02d",
- tp->tm_year + 1900,
- tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
- for (i = 0; i < j; i++) {
- for (;;) {
- fprintf(stdout,
- "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
- principal_data[i].name, principal_data[i].instance,
- principal_data[i].kdc_key_ver);
- fflush(stdout);
- editpw = 1;
- changed = 0;
- if (!creating) {
- /*
- * copy the existing data so we can use the old values
- * for the qualifier clause of the replace
- */
- principal_data[i].old = (char *) &old_principal;
- memcpy(&old_principal, &principal_data[i],
- sizeof(old_principal));
- printf("\nChange password [n] ? ");
- n_gets(temp, sizeof(temp));
- if (strcmp("y", temp) && strcmp("Y", temp))
- editpw = 0;
- }
- /* password */
- if (editpw) {
-#ifdef NOENCRYPTION
- placebo_read_pw_string(pw_str, sizeof pw_str,
- "\nNew Password: ", TRUE);
-#else
- if(des_read_pw_string(pw_str, sizeof pw_str,
- "\nNew Password: ", TRUE))
- continue;
-#endif
- if ( strcmp(pw_str, "RANDOM") == 0
- || strcmp(pw_str, "") == 0) {
- printf("\nRandom password [y] ? ");
- n_gets(temp, sizeof(temp));
- if (!strcmp("n", temp) || !strcmp("N", temp)) {
- /* no, use literal */
-#ifdef NOENCRYPTION
- memset(new_key, 0, sizeof(des_cblock));
- new_key[0] = 127;
-#else
- des_string_to_key(pw_str, &new_key);
-#endif
- memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */
- } else {
-#ifdef NOENCRYPTION
- memset(new_key, 0, sizeof(des_cblock));
- new_key[0] = 127;
-#else
- des_new_random_key(&new_key);
-#endif
- memset(pw_str, 0, sizeof pw_str);
- }
- } else if (!strcmp(pw_str, "NULL")) {
- printf("\nNull Key [y] ? ");
- n_gets(temp, sizeof(temp));
- if (!strcmp("n", temp) || !strcmp("N", temp)) {
- /* no, use literal */
-#ifdef NOENCRYPTION
- memset(new_key, 0, sizeof(des_cblock));
- new_key[0] = 127;
-#else
- des_string_to_key(pw_str, &new_key);
-#endif
- memset(pw_str, 0, sizeof pw_str); /* "NULL" */
- } else {
-
- principal_data[i].key_low = 0;
- principal_data[i].key_high = 0;
- goto null_key;
- }
- } else {
-#ifdef NOENCRYPTION
- memset(new_key, 0, sizeof(des_cblock));
- new_key[0] = 127;
-#else
- des_string_to_key(pw_str, &new_key);
-#endif
- memset(pw_str, 0, sizeof pw_str);
- }
-
- /* seal it under the kerberos master key */
- kdb_encrypt_key (&new_key, &new_key,
- &master_key, master_key_schedule,
- DES_ENCRYPT);
- copy_from_key(new_key,
- &principal_data[i].key_low,
- &principal_data[i].key_high);
- memset(new_key, 0, sizeof(new_key));
- null_key:
- /* set master key version */
- principal_data[i].kdc_key_ver =
- (unsigned char) master_key_version;
- /* bump key version # */
- principal_data[i].key_version++;
- fprintf(stdout,
- "\nPrincipal's new key version = %d\n",
- principal_data[i].key_version);
- fflush(stdout);
- changed = 1;
- }
- /* expiration date */
- fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
- principal_data[i].exp_date_txt);
- fflush(stdout);
- zaptime(&edate);
- while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) >
- sizeof(principal_data[0].exp_date_txt))) {
- bad_date:
- fprintf(stdout, "\07\07Date Invalid\n");
- fprintf(stdout,
- "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
- principal_data[i].exp_date_txt);
- fflush(stdout);
- zaptime(&edate);
- }
-
- if (*temp) {
- if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
- &edate.tm_mon, &edate.tm_mday) != 3)
- goto bad_date;
- edate.tm_mon--; /* January is 0, not 1 */
- edate.tm_hour = 23; /* nearly midnight at the end of the */
- edate.tm_min = 59; /* specified day */
- if (krb_check_tm (edate))
- goto bad_date;
- edate.tm_year -= 1900;
- temp_long = tm2time (edate, 1);
- strcpy(principal_data[i].exp_date_txt, temp);
- principal_data[i].exp_date = temp_long;
- changed = 1;
- }
-
- /* maximum lifetime */
- fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
- principal_data[i].max_life);
- fflush(stdout);
- while (n_gets(temp, sizeof(temp)) && *temp) {
- if (sscanf(temp, "%ld", &temp_long) != 1)
- goto bad_life;
- if (temp_long > 255 || (temp_long < 0)) {
- bad_life:
- fprintf(stdout, "\07\07Invalid, choose 0-255\n");
- fprintf(stdout,
- "Max ticket lifetime (*5 minutes) [ %d ] ? ",
- principal_data[i].max_life);
- fflush(stdout);
- continue;
- }
- changed = 1;
- /* dont clobber */
- principal_data[i].max_life = (unsigned short) temp_long;
- break;
- }
-
- /* attributes */
- fprintf(stdout, "Attributes [ %d ] ? ",
- principal_data[i].attributes);
- fflush(stdout);
- while (n_gets(temp, sizeof(temp)) && *temp) {
- if (sscanf(temp, "%ld", &temp_long) != 1)
- goto bad_att;
- if (temp_long > 65535 || (temp_long < 0)) {
- bad_att:
- fprintf(stdout, "\07\07Invalid, choose 0-65535\n");
- fprintf(stdout, "Attributes [ %d ] ? ",
- principal_data[i].attributes);
- fflush(stdout);
- continue;
- }
- changed = 1;
- /* dont clobber */
- principal_data[i].attributes =
- (unsigned short) temp_long;
- break;
- }
-
- /*
- * remaining fields -- key versions and mod info, should
- * not be directly manipulated
- */
- if (changed) {
- if (kerb_put_principal(&principal_data[i], 1)) {
- fprintf(stdout,
- "\nError updating Kerberos database");
- } else {
- fprintf(stdout, "Edit O.K.");
- }
- } else {
- fprintf(stdout, "Unchanged");
- }
-
-
- memset(&principal_data[i].key_low, 0, 4);
- memset(&principal_data[i].key_high, 0, 4);
- fflush(stdout);
- break;
- }
- }
- if (more) {
- fprintf(stdout, "\nThere were more tuples found ");
- fprintf(stdout, "than there were space for");
- }
- return 1;
-}
-
-static void
-cleanup(void)
-{
-
- memset(master_key, 0, sizeof(master_key));
- memset(session_key, 0, sizeof(session_key));
- memset(master_key_schedule, 0, sizeof(master_key_schedule));
- memset(principal_data, 0, sizeof(principal_data));
- memset(new_key, 0, sizeof(new_key));
- memset(pw_str, 0, sizeof(pw_str));
-}
-
-int
-main(int argc, char **argv)
-{
- /* Local Declarations */
-
- long n;
-
- while (--argc > 0 && (*++argv)[0] == '-')
- for (i = 1; argv[0][i] != '\0'; i++) {
- switch (argv[0][i]) {
-
- /* debug flag */
- case 'd':
- debug = 1;
- continue;
-
- /* debug flag */
-#ifdef DEBUG
- case 'l':
- kerb_debug |= 1;
- continue;
-#endif
- case 'n': /* read MKEYFILE for master key */
- nflag = 1;
- continue;
-
- default:
- warnx ("illegal flag \"%c\"", argv[0][i]);
- Usage(); /* Give message and die */
- }
- }
-
- fprintf(stdout, "Opening database...\n");
- fflush(stdout);
- kerb_init();
- if (argc > 0)
- if (kerb_db_set_name(*argv) != 0)
- errx (1, "Could not open altername database name");
-
- if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0,
- &master_key, master_key_schedule) != 0)
- errx (1, "Couldn't read master key.");
-
- if ((master_key_version = kdb_verify_master_key(&master_key,
- master_key_schedule,
- stdout)) < 0)
- return 1;
-
- /* Initialize non shared random sequence */
- des_init_random_number_generator(&master_key);
-
- /* lookup the default values */
- n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
- &default_princ, 1, &more);
- if (n != 1)
- errx (1, "Kerberos error on default value lookup, %ld found.", n);
- fprintf(stdout, "Previous or default values are in [brackets] ,\n");
- fprintf(stdout, "enter return to leave the same, or new value.\n");
-
- while (change_principal()) {
- }
-
- cleanup();
- return 0;
-}
diff --git a/kerberosIV/kdb_init/Makefile b/kerberosIV/kdb_init/Makefile
deleted file mode 100644
index 17071789b4c..00000000000
--- a/kerberosIV/kdb_init/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:42 tholo Exp $
-
-PROG= kdb_init
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= kdb_init.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kdb_init/kdb_init.8 b/kerberosIV/kdb_init/kdb_init.8
deleted file mode 100644
index 156d9fe2272..00000000000
--- a/kerberosIV/kdb_init/kdb_init.8
+++ /dev/null
@@ -1,63 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kdb_init.8,v 1.4 1998/02/25 15:50:48 art Exp $
-.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_init \- Initialize Kerberos key distribution center database
-.SH SYNOPSIS
-kdb_init [
-.B realm
-]
-.SH DESCRIPTION
-.I kdb_init
-initializes a Kerberos key distribution center database, creating the
-necessary principals.
-.PP
-If the optional
-.I realm
-argument is not present,
-.I kdb_init
-prompts for a realm name (defaulting to the definition in /usr/include/kerberosIV/krb.h).
-After determining the realm to be created, it prompts for
-a master key password. The master key password is used to encrypt
-every encryption key stored in the database.
-.SH DIAGNOSTICS
-.TP 20n
-"/etc/kerberosIV/principal: File exists"
-An attempt was made to create a database on a machine which already had
-an existing database.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-DBM files containing database
-.TP
-/usr/include/kerberosIV/krb.h
-Include file defining default realm
-.SH SEE ALSO
-kdb_destroy(8)
diff --git a/kerberosIV/kdb_init/kdb_init.c b/kerberosIV/kdb_init/kdb_init.c
deleted file mode 100644
index fe3eec833f0..00000000000
--- a/kerberosIV/kdb_init/kdb_init.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/* $OpenBSD: kdb_init.c,v 1.5 1999/08/20 11:00:32 art Exp $ */
-/* $KTH: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-/*
- * program to initialize the database, reports error if database file
- * already exists.
- */
-
-#include "adm_locl.h"
-
-enum ap_op {
- NULL_KEY, /* setup null keys */
- MASTER_KEY, /* use master key as new key */
- RANDOM_KEY /* choose a random key */
-};
-
-static des_cblock master_key;
-static des_key_schedule master_key_schedule;
-
-static char progname[]="kdb_init";
-
-/* use a return code to indicate success or failure. check the return */
-/* values of the routines called by this routine. */
-
-static int
-add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
-{
- Principal principal;
- struct tm *tm;
- des_cblock new_key;
-
- memset(&principal, 0, sizeof(principal));
- strncpy(principal.name, name, ANAME_SZ - 1);
- principal.name[ANAME_SZ - 1] = '\0';
- strncpy(principal.instance, instance, INST_SZ - 1);
- principal.instance[INST_SZ - 1] = '\0';
-
- switch (aap_op) {
- case NULL_KEY:
- principal.key_low = 0;
- principal.key_high = 0;
- break;
- case RANDOM_KEY:
-#ifdef NOENCRYPTION
- memset(new_key, 0, sizeof(des_cblock));
- new_key[0] = 127;
-#else
- des_new_random_key(&new_key);
-#endif
- kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
- DES_ENCRYPT);
- copy_from_key(new_key, &principal.key_low, &principal.key_high);
- memset(new_key, 0, sizeof(new_key));
- break;
- case MASTER_KEY:
- memcpy(new_key, master_key, sizeof (des_cblock));
- kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
- DES_ENCRYPT);
- copy_from_key(new_key, &principal.key_low, &principal.key_high);
- break;
- }
- principal.mod_date = time(0);
- principal.exp_date = KDBINIT_EXPDATE;
- strncpy(principal.exp_date_txt, KDBINIT_EXPDATE_TXT, DATE_SZ);
-
- tm = k_localtime(&principal.mod_date);
- principal.attributes = 0;
- principal.max_life = maxlife;
-
- principal.kdc_key_ver = 1;
- principal.key_version = 1;
-
- strncpy(principal.mod_name, "db_creation", ANAME_SZ - 1);
- principal.mod_name[ANAME_SZ - 1] = '\0';
- strncpy(principal.mod_instance, "", INST_SZ - 1);
- principal.mod_instance[INST_SZ - 1] = '\0';
- principal.old = 0;
-
- if (kerb_db_put_principal(&principal, 1) != 1)
- return -1; /* FAIL */
-
- /* let's play it safe */
- memset(new_key, 0, sizeof (des_cblock));
- memset(&principal.key_low, 0, 4);
- memset(&principal.key_high, 0, 4);
- return 0;
-}
-
-int
-main(int argc, char **argv)
-{
- char realm[REALM_SZ];
- char *cp;
- int code;
- char *database;
-
- if (argc > 3) {
- fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", progname);
- return 1;
- }
- if (argc == 3) {
- database = argv[2];
- --argc;
- } else
- database = DBM_FILE;
-
- /* Do this first, it'll fail if the database exists */
- if ((code = kerb_db_create(database)) != 0)
- err (1, "Couldn't create database %s", database);
- kerb_db_set_name(database);
-
- if (argc == 2)
- strncpy(realm, argv[1], REALM_SZ);
- else {
- if (krb_get_lrealm(realm, 1) != KSUCCESS) {
- strncpy(realm, KRB_REALM, REALM_SZ - 1);
- realm[REALM_SZ - 1] = '\0';
- }
- fprintf(stderr, "Realm name [default %s ]: ", realm);
- if (fgets(realm, sizeof(realm), stdin) == NULL)
- errx (1, "\nEOF reading realm");
- if ((cp = strchr(realm, '\n')))
- *cp = '\0';
- if (!*realm) /* no realm given */
- if (krb_get_lrealm(realm, 1) != KSUCCESS) {
- strncpy(realm, KRB_REALM, REALM_SZ - 1);
- realm[REALM_SZ - 1] = '\0';
- }
- }
- if (!k_isrealm(realm))
- errx (1, "Bad kerberos realm name \"%s\"", realm);
-#ifndef RANDOM_MKEY
- printf("You will be prompted for the database Master Password.\n");
- printf("It is important that you NOT FORGET this password.\n");
-#else
- printf("To generate a master key, please enter some random data.\n");
- printf("You do not have to remember this.\n");
-#endif
- fflush(stdout);
-
- if (kdb_get_master_key (KDB_GET_TWICE, &master_key,
- master_key_schedule) != 0)
- errx (1, "Couldn't read master key.");
-
-#ifdef RANDOM_MKEY
- if(kdb_kstash(&master_key, MKEYFILE) < 0)
- err (1, "Error writing master key");
- fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
-#endif
-
- /* Initialize non shared random sequence */
- des_init_random_number_generator(&master_key);
-
- /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
-#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
-
- /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */
-#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255)
-
- /* This means that default lifetimes have not been initialized */
-#define DEFLIFE 255
-
-#define NOLIFE 0
-
- if (
- add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) ||
- add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)||
- add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)||
- add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE)
- ) {
- putc ('\n', stderr);
- errx (1, "couldn't initialize database.");
- }
-
- /* play it safe */
- memset(master_key, 0, sizeof (des_cblock));
- memset(master_key_schedule, 0, sizeof (des_key_schedule));
- return 0;
-}
diff --git a/kerberosIV/kdb_util/Makefile b/kerberosIV/kdb_util/Makefile
deleted file mode 100644
index 1daf3010ee2..00000000000
--- a/kerberosIV/kdb_util/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.2 1997/12/18 08:50:14 art Exp $
-
-PROG= kdb_util
-SRCS= kdb_util.c
-.PATH: ${.CURDIR}/../kdb_edit
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= kdb_util.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kdb_util/kdb_util.8 b/kerberosIV/kdb_util/kdb_util.8
deleted file mode 100644
index 0a0cb4e6a53..00000000000
--- a/kerberosIV/kdb_util/kdb_util.8
+++ /dev/null
@@ -1,86 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kdb_util.8,v 1.4 1998/02/25 15:50:50 art Exp $
-.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_util \- Kerberos key distribution center database utility
-.SH SYNOPSIS
-kdb_util
-.B operation filename
-.SH DESCRIPTION
-.I kdb_util
-allows the Kerberos key distribution center (KDC) database administrator to
-perform utility functions on the database.
-.PP
-.I Operation
-must be one of the following:
-.TP 10n
-.I load
-initializes the KDC database with the records described by the
-text contained in the file
-.IR filename .
-Any existing database is overwritten.
-.TP
-.I dump
-dumps the KDC database into a text representation in the file
-.IR filename .
-.TP
-.I slave_dump
-performs a database dump like the
-.I dump
-operation, and additionally creates a semaphore file signalling the
-propagation software that an update is available for distribution to
-slave KDC databases.
-.TP
-.I new_master_key
-prompts for the old and new master key strings, and then dumps the KDC
-database into a text representation in the file
-.IR filename .
-The keys in the text representation are encrypted in the new master key.
-.TP
-.I convert_old_db
-prompts for the master key string, and then dumps the KDC database into
-a text representation in the file
-.IR filename .
-The existing database is assumed to be encrypted using the old format
-(encrypted by the key schedule of the master key); the dumped database
-is encrypted using the new format (encrypted directly with master key).
-.PP
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-DBM files containing database
-.TP
-.IR filename .ok
-semaphore file created by
-.IR slave_dump.
diff --git a/kerberosIV/kdb_util/kdb_util.c b/kerberosIV/kdb_util/kdb_util.c
deleted file mode 100644
index a3bad3b0665..00000000000
--- a/kerberosIV/kdb_util/kdb_util.c
+++ /dev/null
@@ -1,552 +0,0 @@
-/* $OpenBSD: kdb_util.c,v 1.6 1998/05/15 01:03:20 art Exp $ */
-/* $KTH: kdb_util.c,v 1.36 1997/12/05 04:21:50 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1987, 1988 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Kerberos database manipulation utility. This program allows you to
- * dump a kerberos database to an ascii readable file and load this
- * file into the database. Read locking of the database is done during a
- * dump operation. NO LOCKING is done during a load operation. Loads
- * should happen with other processes shutdown.
- *
- * Written July 9, 1987 by Jeffrey I. Schiller
- */
-
-#include "adm_locl.h"
-
-static des_cblock master_key, new_master_key;
-static des_key_schedule master_key_schedule, new_master_key_schedule;
-
-#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
-
-/* cv_key is a procedure which takes a principle and changes its key,
- either for a new method of encrypting the keys, or a new master key.
- if cv_key is null no transformation of key is done (other than net byte
- order). */
-
-struct callback_args {
- void (*cv_key)(Principal *);
- FILE *output_file;
-};
-
-time_t
-tm2time (struct tm tm, int local)
-{
- time_t t;
-
- tm.tm_isdst = -1;
-
- t = mktime (&tm);
-
- if (!local)
- t += t - mktime (gmtime (&t));
- return t;
-}
-
-static void
-print_time(FILE *file, time_t timeval)
-{
- struct tm *tm;
- tm = gmtime(&timeval);
- fprintf(file, " %04d%02d%02d%02d%02d",
- tm->tm_year + 1900,
- tm->tm_mon + 1,
- tm->tm_mday,
- tm->tm_hour,
- tm->tm_min);
-}
-
-static time_t
-time_explode(char *cp)
-{
- char wbuf[5];
- struct tm tp;
- int local;
-
- if (cp == NULL)
- return -1;
-
- zaptime(&tp); /* clear out the struct */
-
- if (strlen(cp) > 10) { /* new format */
- strncpy(wbuf, cp, 4);
- wbuf[4] = 0;
- tp.tm_year = atoi(wbuf) - 1900;
- cp += 4; /* step over the year */
- local = 0; /* GMT */
- } else { /* old format: local time,
- year is 2 digits, assuming 19xx */
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- wbuf[2] = 0;
- tp.tm_year = atoi(wbuf);
- local = 1; /* local */
- }
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- wbuf[2] = 0;
- tp.tm_mon = atoi(wbuf)-1;
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- tp.tm_mday = atoi(wbuf);
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- tp.tm_hour = atoi(wbuf);
-
- wbuf[0] = *cp++;
- wbuf[1] = *cp++;
- tp.tm_min = atoi(wbuf);
-
-
- return(tm2time(tp, local));
-}
-
-static int
-dump_db_1(void *arg, Principal *principal)
-{ /* replace null strings with "*" */
- struct callback_args *a = (struct callback_args *)arg;
-
- if (principal == NULL)
- return -1;
-
- if (principal->instance[0] == '\0') {
- principal->instance[0] = '*';
- principal->instance[1] = '\0';
- }
- if (principal->mod_name[0] == '\0') {
- principal->mod_name[0] = '*';
- principal->mod_name[1] = '\0';
- }
- if (principal->mod_instance[0] == '\0') {
- principal->mod_instance[0] = '*';
- principal->mod_instance[1] = '\0';
- }
- if (a->cv_key != NULL) {
- (*a->cv_key) (principal);
- }
- fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
- principal->name,
- principal->instance,
- principal->max_life,
- principal->kdc_key_ver,
- principal->key_version,
- principal->attributes,
- (int)htonl (principal->key_low),
- (int)htonl (principal->key_high));
- print_time(a->output_file, principal->exp_date);
- print_time(a->output_file, principal->mod_date);
- fprintf(a->output_file, " %s %s\n",
- principal->mod_name,
- principal->mod_instance);
- return 0;
-}
-
-static int
-dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
-{
- struct callback_args a;
-
- a.cv_key = cv_key;
- a.output_file = output_file;
-
- kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a);
- return fflush(output_file);
-}
-
-static int
-add_file(void *db, FILE *file)
-{
- int ret;
- int lineno = 0;
- char line[1024];
- unsigned long key[2]; /* yes, long */
- Principal pr;
- char *format = NULL;
-
- char exp_date[64], mod_date[64];
-
- int life, kkvno, kvno;
-
- while(1){
- memset(&pr, 0, sizeof(pr));
- errno = 0;
- if(fgets(line, sizeof(line), file) == NULL){
- if(errno != 0)
- err (1, "fgets");
- break;
- }
- lineno++;
-
- asprintf(&format,
- "%%%ds %%%ds %%d %%d %%d %%hd %%lx %%lx %%%ds %%%ds %%%ds %%%ds",
- ANAME_SZ - 1, INST_SZ - 1, sizeof(exp_date) - 1,
- sizeof(mod_date) - 1, ANAME_SZ - 1, INST_SZ - 1);
-
- if (format == NULL)
- err(1, "malloc");
-
- ret = sscanf(line, format,
- pr.name, pr.instance,
- &life, &kkvno, &kvno,
- &pr.attributes,
- &key[0], &key[1],
- exp_date, mod_date,
- pr.mod_name, pr.mod_instance);
-
- free(format);
- format = NULL;
-
- if(ret != 12){
- warnx("Line %d malformed (ignored)", lineno);
- continue;
- }
- pr.key_low = ntohl (key[0]);
- pr.key_high = ntohl (key[1]);
- pr.max_life = life;
- pr.kdc_key_ver = kkvno;
- pr.key_version = kvno;
- pr.exp_date = time_explode(exp_date);
- pr.mod_date = time_explode(mod_date);
- if (pr.instance[0] == '*')
- pr.instance[0] = 0;
- if (pr.mod_name[0] == '*')
- pr.mod_name[0] = 0;
- if (pr.mod_instance[0] == '*')
- pr.mod_instance[0] = 0;
- if (kerb_db_update(db, &pr, 1) != 1) {
- warn ("store %s.%s aborted",
- pr.name, pr.instance);
- return 1;
- }
- }
- return 0;
-}
-
-static void
-load_db (char *db_file, FILE *input_file)
-{
- long *db;
- int code;
- char *temp_db_file;
-
- asprintf (&temp_db_file, "%s~", db_file);
- if(temp_db_file == NULL)
- errx (1, "out of memory");
-
- /* Create the database */
- if ((code = kerb_db_create(temp_db_file)) != 0)
- err (1, "creating temp database %s", temp_db_file);
- kerb_db_set_name(temp_db_file);
- db = kerb_db_begin_update();
- if (db == NULL)
- err (1, "opening temp database %s", temp_db_file);
-
- if(add_file(db, input_file))
- errx (1, "Load aborted");
-
- kerb_db_end_update(db);
- if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
- warn("database rename failed");
- fclose(input_file);
- free(temp_db_file);
-}
-
-static void
-merge_db(char *db_file, FILE *input_file)
-{
- void *db;
-
- db = kerb_db_begin_update();
- if(db == NULL)
- err (1, "Couldn't open database");
- if(add_file(db, input_file))
- errx (1, "Merge aborted");
- kerb_db_end_update(db);
-}
-
-static void
-update_ok_file (char *file_name)
-{
- /* handle slave locking/failure stuff */
- char *file_ok;
- int fd;
- static char ok[]=".dump_ok";
-
- asprintf (&file_ok, "%s%s", file_name, ok);
- if (file_ok == NULL)
- errx (1, "out of memory");
- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0)
- err (1, "Error creating %s", file_ok);
- free(file_ok);
- close(fd);
-}
-
-static void
-convert_key_new_master (Principal *p)
-{
- des_cblock key;
-
- /* leave null keys alone */
- if ((p->key_low == 0) && (p->key_high == 0)) return;
-
- /* move current key to des_cblock for encryption, special case master key
- since that's changing */
- if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
- (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
- memcpy (key, new_master_key, sizeof(des_cblock));
- (p->key_version)++;
- } else {
- copy_to_key(&p->key_low, &p->key_high, key);
- kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT);
- }
-
- kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT);
-
- copy_from_key(key, &(p->key_low), &(p->key_high));
- memset(key, 0, sizeof (key)); /* a little paranoia ... */
-
- (p->kdc_key_ver)++;
-}
-
-static void
-clear_secrets (void)
-{
- memset(master_key, 0, sizeof (des_cblock));
- memset(master_key_schedule, 0, sizeof (des_key_schedule));
- memset(new_master_key, 0, sizeof (des_cblock));
- memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
-}
-
-static void
-convert_new_master_key (char *db_file, FILE *out)
-{
-#ifdef RANDOM_MKEY
- errx (1, "Sorry, this function is not available with "
- "the new master key scheme.");
-#else
- printf ("\n\nEnter the CURRENT master key.");
- if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
- master_key_schedule) != 0) {
- errx (1, "Couldn't get master key.");
- }
-
- if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
- exit (1);
- }
-
- printf ("\n\nNow enter the NEW master key. Do not forget it!!");
- if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
- new_master_key_schedule) != 0) {
- errx (1, "Couldn't get new master key.");
- }
-
- dump_db (db_file, out, convert_key_new_master);
- {
- char fname[128];
- snprintf(fname, sizeof(fname), "%s.new", MKEYFILE);
- kdb_kstash(&new_master_key, fname);
- }
-#endif /* RANDOM_MKEY */
-}
-
-static void
-convert_key_old_db (Principal *p)
-{
- des_cblock key;
-
- /* leave null keys alone */
- if ((p->key_low == 0) && (p->key_high == 0)) return;
-
- copy_to_key(&p->key_low, &p->key_high, key);
-
-#ifndef NOENCRYPTION
- des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
- (long)sizeof(des_cblock),master_key_schedule,
- (des_cblock *)master_key_schedule, DES_DECRYPT);
-#endif
-
- /* make new key, new style */
- kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
-
- copy_from_key(key, &(p->key_low), &(p->key_high));
- memset(key, 0, sizeof (key)); /* a little paranoia ... */
-}
-
-static void
-convert_old_format_db (char *db_file, FILE *out)
-{
- des_cblock key_from_db;
- Principal principal_data[1];
- int n, more;
-
- if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
- master_key_schedule) != 0L) {
- errx (1, "Couldn't get master key.");
- }
-
- /* can't call kdb_verify_master_key because this is an old style db */
- /* lookup the master key version */
- n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
- 1 /* only one please */, &more);
- if ((n != 1) || more)
- errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
-
- /* set up the master key */
- fprintf(stderr, "Current Kerberos master key version is %d.\n",
- principal_data[0].kdc_key_ver);
-
- /*
- * now use the master key to decrypt (old style) the key in the db, had better
- * be the same!
- */
- copy_to_key(&principal_data[0].key_low,
- &principal_data[0].key_high,
- key_from_db);
-#ifndef NOENCRYPTION
- des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
- master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
-#endif
- /* the decrypted database key had better equal the master key */
-
- n = memcmp(master_key, key_from_db, sizeof(master_key));
- memset(key_from_db, 0, sizeof(key_from_db));
-
- if (n) {
- fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
- fprintf(stderr, "does not match database.\n");
- exit (1);
- }
-
- fprintf(stderr, "Master key verified.\n");
-
- dump_db (db_file, out, convert_key_old_db);
-}
-
-int
-main(int argc, char **argv)
-{
- int ret;
- FILE *file;
- enum {
- OP_LOAD,
- OP_MERGE,
- OP_DUMP,
- OP_SLAVE_DUMP,
- OP_NEW_MASTER,
- OP_CONVERT_OLD_DB
- } op;
- char *file_name;
- char *db_name;
-
- atexit(clear_secrets);
-
- if (argc != 3 && argc != 4) {
- fprintf(stderr, "Usage: %s operation file [database name].\n",
- argv[0]);
- fprintf(stderr, "Operation is one of: "
- "load, merge, dump, slave_dump, new_master_key, "
- "convert_old_db\n");
- exit(1);
- }
- if (argc == 3)
- db_name = DBM_FILE;
- else
- db_name = argv[3];
-
- ret = kerb_db_set_name (db_name);
-
- /* this makes starting slave servers ~14.3 times easier */
- if(ret && strcmp(argv[1], "load") == 0)
- ret = kerb_db_create (db_name);
-
- if(ret)
- err (1, "Can't open database");
-
- if (!strcmp(argv[1], "load"))
- op = OP_LOAD;
- else if (!strcmp(argv[1], "merge"))
- op = OP_MERGE;
- else if (!strcmp(argv[1], "dump"))
- op = OP_DUMP;
- else if (!strcmp(argv[1], "slave_dump"))
- op = OP_SLAVE_DUMP;
- else if (!strcmp(argv[1], "new_master_key"))
- op = OP_NEW_MASTER;
- else if (!strcmp(argv[1], "convert_old_db"))
- op = OP_CONVERT_OLD_DB;
- else {
- warnx ("%s is an invalid operation.", argv[1]);
- warnx ("Valid operations are \"load\", \"merge\", "
- "\"dump\", \"slave_dump\", \"new_master_key\", "
- "and \"convert_old_db\"");
- return 1;
- }
-
- file_name = argv[2];
- file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w");
- if (file == NULL)
- err (1, "open %s", argv[2]);
-
- switch (op) {
- case OP_DUMP:
- if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
- (fclose(file) == EOF))
- err (1, "%s", file_name);
- break;
- case OP_SLAVE_DUMP:
- if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
- (fclose(file) == EOF))
- err (1, "%s", file_name);
- update_ok_file (file_name);
- break;
- case OP_LOAD:
- load_db (db_name, file);
- break;
- case OP_MERGE:
- merge_db (db_name, file);
- break;
- case OP_NEW_MASTER:
- convert_new_master_key (db_name, file);
- printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
- break;
- case OP_CONVERT_OLD_DB:
- convert_old_format_db (db_name, file);
- printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
- break;
- }
- return 0;
-}
diff --git a/kerberosIV/kdestroy/Makefile b/kerberosIV/kdestroy/Makefile
deleted file mode 100644
index 4ef04233e07..00000000000
--- a/kerberosIV/kdestroy/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-
-PROG= kdestroy
-SRCS= kdestroy.c
-.PATH: ${.CURDIR}/../roken
-SRCS+= getarg.c get_window_size.c
-DPADD= ${LIBKRB} ${LIBDES}
-LDADD= -lkrb -ldes -lkafs
-BINDIR= /usr/bin
-CFLAGS+= -I${.CURDIR}/../roken
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kdestroy/kdestroy.1 b/kerberosIV/kdestroy/kdestroy.1
deleted file mode 100644
index e21f2b42cd0..00000000000
--- a/kerberosIV/kdestroy/kdestroy.1
+++ /dev/null
@@ -1,103 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kdestroy.1,v 1.4 1998/02/25 15:50:53 art Exp $
-.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdestroy \- destroy Kerberos tickets
-.SH SYNOPSIS
-.B kdestroy
-[
-.B \-f
-]
-[
-.B \-q
-]
-.SH DESCRIPTION
-The
-.I kdestroy
-utility destroys the user's active
-Kerberos
-authorization tickets by writing zeros to the file that contains them.
-If the ticket file does not exist,
-.I kdestroy
-displays a message to that effect.
-.PP
-After overwriting the file,
-.I kdestroy
-removes the file from the system.
-The utility
-displays a message indicating the success or failure of the
-operation.
-If
-.I kdestroy
-is unable to destroy the ticket file,
-the utility will warn you by making your terminal beep.
-.PP
-In the Athena workstation environment,
-the
-.I toehold
-service automatically destroys your tickets when you
-end a workstation session.
-If your site does not provide a similar ticket-destroying mechanism,
-you can place the
-.I kdestroy
-command in your
-.I .logout
-file so that your tickets are destroyed automatically
-when you logout.
-.PP
-The options to
-.I kdestroy
-are as follows:
-.TP 7
-.B \-f
-.I kdestroy
-runs without displaying the status message.
-.TP
-.B \-q
-.I kdestroy
-will not make your terminal beep if it fails to destroy the tickets.
-.SH FILES
-KRBTKFILE environment variable if set, otherwise
-.br
-/tmp/tkt[uid]
-.SH SEE ALSO
-kerberos(1), kinit(1), klist(1)
-.SH BUGS
-.PP
-Only the tickets in the user's current ticket file are destroyed.
-Separate ticket files are used to hold root instance and password
-changing tickets. These files should probably be destroyed too, or
-all of a user's tickets kept in a single ticket file.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
-.br
-Bill Sommerfeld, MIT Project Athena
diff --git a/kerberosIV/kdestroy/kdestroy.c b/kerberosIV/kdestroy/kdestroy.c
deleted file mode 100644
index b6bd612a9ce..00000000000
--- a/kerberosIV/kdestroy/kdestroy.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* $OpenBSD: kdestroy.c,v 1.6 1998/08/12 23:39:40 art Exp $ */
-/* $KTH: kdestroy.c,v 1.10 1998/05/13 22:44:24 assar Exp $ */
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include <time.h>
-#include <sys/stat.h>
-#include <kerberosIV/krb.h>
-#include <kerberosIV/kafs.h>
-#include <getarg.h>
-#include <err.h>
-
-int quiet_flag;
-#ifdef LEGACY_KDESTROY
-int unlog_flag;
-#else
-int unlog_flag = 1;
-#endif
-int help_flag;
-int version_flag;
-
-struct getargs args[] = {
- { "quiet", 'q', arg_flag, &quiet_flag,
- "don't print any messages" },
- { NULL, 'f', arg_flag, &quiet_flag },
-#ifdef LEGACY_KDESTROY
- { "unlog", 0, arg_flag, &unlog_flag,
- "destroy tokens" },
- { NULL, 't', arg_negative_flag, &unlog_flag,
- "don't destroy tokens (default)" },
-#else
- { "unlog", 't', arg_negative_flag, &unlog_flag,
- "don't destroy tokens" },
-#endif
- { "version", 0, arg_flag, &version_flag },
- { "help", 'h', arg_flag, &help_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
- arg_printusage(args, num_args, "");
- exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
- int optind = 0;
- int ret;
-
- if(getarg(args, num_args, argc, argv, &optind))
- usage(1);
-
- if(help_flag)
- usage(0);
-
- if(version_flag)
- errx(0, "%s", krb4_version);
-
- ret = dest_tkt();
-
- if(unlog_flag && k_hasafs())
- k_unlog();
-
- if (quiet_flag) {
- if (ret != 0 && ret != RET_TKFIL)
- exit(1);
- else
- exit(0);
- }
- if (ret == 0)
- printf("Tickets destroyed.\n");
- else if (ret == RET_TKFIL)
- printf("No tickets to destroy.\n");
- else {
- printf("Tickets NOT destroyed.\n");
- exit(1);
- }
- exit(0);
-}
diff --git a/kerberosIV/kerberos/Makefile b/kerberosIV/kerberos/Makefile
deleted file mode 100644
index 57d77660778..00000000000
--- a/kerberosIV/kerberos/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.3 1998/01/23 08:32:07 art Exp $
-
-PROG= kerberos
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= kerberos.8
-
-BINDIR= /usr/libexec
-
-CFLAGS+=-I${.CURDIR}
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kerberos/kerberos.8 b/kerberosIV/kerberos/kerberos.8
deleted file mode 100644
index d69715977cd..00000000000
--- a/kerberosIV/kerberos/kerberos.8
+++ /dev/null
@@ -1,281 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kerberos.8,v 1.4 1998/02/25 15:50:56 art Exp $
-.TH KERBEROS 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kerberos \- introduction to the Kerberos system
-
-.SH DESCRIPTION
-The
-Kerberos
-system authenticates
-individual users in a network environment.
-After authenticating yourself to
-Kerberos,
-you can use network utilities such as
-.IR rlogin ,
-.IR rcp ,
-and
-.IR rsh
-without
-having to present passwords to remote hosts and without having to bother
-with
-.I \.rhosts
-files.
-Note that these utilities will work without passwords only if
-the remote machines you deal with
-support the
-Kerberos
-system.
-All Athena timesharing machines and public workstations support
-Kerberos.
-.PP
-Before you can use
-Kerberos,
-you must register as an Athena user,
-and you must make sure you have been added to
-the
-Kerberos
-database.
-You can use the
-.I kinit
-command to find out.
-This command
-tries to log you into the
-Kerberos
-system.
-.I kinit
-will prompt you for a username and password.
-Enter your username and password.
-If the utility lets you login without giving you a message,
-you have already been registered.
-.PP
-If you enter your username and
-.I kinit
-responds with this message:
-.nf
-
-Principal unknown (kerberos)
-
-.fi
-you haven't been registered as a
-Kerberos
-user.
-See your system administrator.
-.PP
-A Kerberos name contains three parts.
-The first is the
-.I principal name,
-which is usually a user's or service's name.
-The second is the
-.I instance,
-which in the case of a user is usually null.
-Some users may have privileged instances, however,
-such as ``root'' or ``admin''.
-In the case of a service, the instance is the
-name of the machine on which it runs; i.e. there
-can be an
-.I rlogin
-service running on the machine ABC, which
-is different from the rlogin service running on
-the machine XYZ.
-The third part of a Kerberos name
-is the
-.I realm.
-The realm corresponds to the Kerberos service providing
-authentication for the principal.
-For example, at MIT there is a Kerberos running at the
-Laboratory for Computer Science and one running at
-Project Athena.
-.PP
-When writing a Kerberos name, the principal name is
-separated from the instance (if not null) by a period,
-and the realm (if not the local realm) follows, preceded by
-an ``@'' sign.
-The following are examples of valid Kerberos names:
-.sp
-.nf
-.in +8
-billb
-jis.admin
-srz@lcs.mit.edu
-treese.root@athena.mit.edu
-.in -8
-.fi
-.PP
-When you authenticate yourself with
-Kerberos,
-through either the workstation
-.I toehold
-system or the
-.I kinit
-command,
-Kerberos
-gives you an initial
-Kerberos
-.IR ticket .
-(A
-Kerberos
-ticket
-is an encrypted protocol message that provides authentication.)
-Kerberos
-uses this ticket for network utilities
-such as
-.I rlogin
-and
-.IR rcp .
-The ticket transactions are done transparently,
-so you don't have to worry about their management.
-.PP
-Note, however, that tickets expire.
-Privileged tickets, such as root instance tickets,
-expire in a few minutes, while tickets that carry more ordinary
-privileges may be good for several hours or a day, depending on the
-installation's policy.
-If your login session extends beyond the time limit,
-you will have to re-authenticate yourself to
-Kerberos
-to get new tickets.
-Use the
-.IR kinit
-command to re-authenticate yourself.
-.PP
-If you use the
-.I kinit
-command to get your tickets,
-make sure you use the
-.I kdestroy
-command
-to destroy your tickets before you end your login session.
-You should probably put the
-.I kdestroy
-command in your
-.I \.logout
-file so that your tickets will be destroyed automatically when you logout.
-For more information about the
-.I kinit
-and
-.I kdestroy
-commands,
-see the
-.I kinit(1)
-and
-.I kdestroy(1)
-manual pages.
-.PP
-Currently,
-Kerberos
-supports the following network services:
-.IR rlogin ,
-.IR rsh ,
-and
-.IR rcp .
-Other services are being worked on,
-such as the
-.IR pop
-mail system and NFS (network file system),
-but are not yet available.
-
-.SH "SEE ALSO"
-kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
-kadmin(8)
-.SH BUGS
-Kerberos
-will not do authentication forwarding.
-In other words,
-if you use
-.I rlogin
-to login to a remote host,
-you cannot use
-Kerberos
-services from that host
-until you authenticate yourself explicitly on that host.
-Although you may need to authenticate yourself on the remote
-host,
-be aware that when you do so,
-.I rlogin
-sends your password across the network in clear text.
-
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
-
-The following people helped out on various aspects of the system:
-
-Jeff Schiller designed and wrote the administration server and its
-user interface, kadmin.
-He also wrote the dbm version of the database management system.
-
-Mark Colan developed the
-Kerberos
-versions of
-.IR rlogin ,
-.IR rsh ,
-and
-.IR rcp ,
-as well as contributing work on the servers.
-
-John Ostlund developed the
-Kerberos
-versions of
-.I passwd
-and
-.IR userreg .
-
-Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
-and made many contributions based on that experience.
-
-Many people contributed code and/or useful ideas, including
-Jim Aspnes,
-Bob Baldwin,
-John Barba,
-Richard Basch,
-Jim Bloom,
-Bill Bryant,
-Rob French,
-Dan Geer,
-David Jedlinsky,
-John Kohl,
-John Kubiatowicz,
-Bob McKie,
-Brian Murphy,
-Ken Raeburn,
-Chris Reed,
-Jon Rochlis,
-Mike Shanzer,
-Bill Sommerfeld,
-Jennifer Steiner,
-Ted Ts'o,
-and
-Win Treese.
-
-.SH RESTRICTIONS
-
-COPYRIGHT 1985,1986 Massachusetts Institute of Technology
diff --git a/kerberosIV/kerberos/kerberos.c b/kerberosIV/kerberos/kerberos.c
deleted file mode 100644
index 567e7d2fef6..00000000000
--- a/kerberosIV/kerberos/kerberos.c
+++ /dev/null
@@ -1,1021 +0,0 @@
-/* $OpenBSD: kerberos.c,v 1.16 1999/05/23 17:19:24 aaron Exp $ */
-/* $KTH: kerberos.c,v 1.70 1997/09/26 18:06:38 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-#include <sys/select.h>
-#include <errno.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <sys/filio.h>
-
-#include <netdb.h>
-#include <stdarg.h>
-#include <err.h>
-
-#include <des.h>
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-#include <kerberosIV/prot.h>
-#include "klog.h"
-
-#include "version.h"
-#include "krb_log.h"
-#include "kdc.h"
-
-static des_key_schedule master_key_schedule;
-static des_cblock master_key;
-
-static struct timeval kerb_time;
-static u_char master_key_version;
-static char k_instance[INST_SZ];
-static char *lt;
-static int more;
-
-static int mflag; /* Are we invoked manually? */
-static char *log_file = KRBLOG; /* name of alt. log file */
-static int nflag; /* don't check max age */
-static int rflag; /* alternate realm specified */
-
-/* fields within the received request packet */
-static char *req_name_ptr;
-static char *req_inst_ptr;
-static char *req_realm_ptr;
-static u_int32_t req_time_ws;
-
-static char local_realm[REALM_SZ];
-
-/* options */
-static int max_age = -1;
-static int pause_int = -1;
-static char progname[]="kerberos";
-
-#ifndef MAX
-#define MAX(a,b) (((a)>(b))?(a):(b))
-#endif /* MAX */
-
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif /* MIN */
-
-/*
- * Print usage message and exit.
- */
-static void
-usage(void)
-{
- fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]"
- " [-a max_age] [-l log_file] [-i address_to_listen_on]"
- " [-r realm] [database_pathname]\n",
- progname);
- exit(1);
-}
-
-/*
- * kerb_err_reply creates an error reply packet and sends it to the
- * client.
- */
-
-static void
-kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string)
-{
- static KTEXT_ST e_pkt_st;
- KTEXT e_pkt = &e_pkt_st;
- static char e_msg[128];
-
- strncpy(e_msg, "\nKerberos error -- ", sizeof(e_msg));
- if (strlen(e_msg) < sizeof(e_msg))
- strncat(e_msg, string, sizeof(e_msg) - strlen(e_msg) - 1);
- e_msg[sizeof(e_msg) - 1] = '\0';
- cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
- req_time_ws, err, e_msg);
- sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client,
- sizeof(*client));
-}
-
-static void
-hang(void)
-{
- if (pause_int == -1) {
- klog(L_KRB_PERR, "Kerberos will pause so as not to loop init");
- for (;;)
- pause();
- } else {
- char buf[256];
- snprintf(buf, sizeof(buf),
- "Kerberos will wait %d seconds before dying so as not to loop init",
- pause_int);
- klog(L_KRB_PERR, buf);
- sleep(pause_int);
- klog(L_KRB_PERR, "Do svedania....\n");
- exit(1);
- }
-}
-
-static int
-check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p)
-{
- static int n;
- static int more;
-
- n = kerb_get_principal(p_name, instance, p, 1, &more);
-
- if (n < 0) {
- lt = klog(L_KRB_PERR, "Database unavailable!");
- hang();
- }
-
- /*
- * if more than one p_name, pick one, randomly create a session key,
- * compute maximum lifetime, lookup authorizations if applicable,
- * and stuff into cipher.
- */
- if (n == 0) {
- /* service unknown, log error, skip to next request */
- lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance);
- return KERB_ERR_PRINCIPAL_UNKNOWN;
- }
- if (more) {
- /* not unique, log error */
- lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance);
- return KERB_ERR_PRINCIPAL_NOT_UNIQUE;
- }
- /* If the user's key is null, we want to return an error */
- if ((p->key_low == 0) && (p->key_high == 0)) {
- /* User has a null key */
- lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance);
- return KERB_ERR_NULL_KEY;
- }
- if (master_key_version != p->kdc_key_ver) {
- /* log error reply */
- lt = klog(L_ERR_MKV,
- "Incorrect master key version for %s.%s: %d (should be %d)",
- p->name, p->instance, p->kdc_key_ver, master_key_version);
- return KERB_ERR_NAME_MAST_KEY_VER;
- }
- /* make sure the service hasn't expired */
- if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) {
- /* service did expire, log it */
- time_t t = p->exp_date;
- lt = klog(L_ERR_SEXP,
- "Principal %s.%s expired at %s", p->name, p->instance,
- krb_stime(&t));
- return KERB_ERR_NAME_EXP;
- }
- /* ok is zero */
- return 0;
-}
-
-static void
-unseal(des_cblock *key)
-{
- kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT);
-}
-
-
-/* Set the key for krb_rd_req so we can check tgt */
-static int
-set_tgtkey(char *r)
- /* Realm for desired key */
-{
- int n;
- static char lastrealm[REALM_SZ];
- Principal p_st;
- Principal *p = &p_st;
- des_cblock key;
-
- if (!strcmp(lastrealm, r))
- return (KSUCCESS);
-
- klog(L_ALL_REQ, "Getting key for %s", r);
-
- n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more);
- if (n == 0)
- return (KFAILURE);
-
- /* unseal tgt key from master key */
- copy_to_key(&p->key_low, &p->key_high, key);
- unseal(&key);
- krb_set_key(key, 0);
- strncpy(lastrealm, r, sizeof(lastrealm) - 1);
- lastrealm[sizeof(lastrealm) - 1] = '\0';
- return (KSUCCESS);
-}
-
-
-static int
-kerberos(unsigned char *buf, int len,
- char *proto, struct sockaddr_in *client,
- struct sockaddr_in *server,
- KTEXT rpkt)
-{
- int pvno;
- int msg_type;
- int lsb;
- int life;
- int flags = 0;
- char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- char service[SNAME_SZ], sinst[INST_SZ];
- u_int32_t req_time;
- static KTEXT_ST ticket, cipher, adat;
- KTEXT tk = &ticket, ciph = &cipher, auth = &adat;
- AUTH_DAT ad;
- des_cblock session, key;
- int err;
- Principal a_name, s_name;
-
- char *msg;
-
-
- unsigned char *p = buf;
- if(len < 2){
- strncpy((char*)rpkt->dat, "Packet too short", MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return KFAILURE;
- }
-
- gettimeofday(&kerb_time, NULL);
-
- pvno = *p++;
- if(pvno != KRB_PROT_VERSION){
- msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno);
- strncpy((char*)rpkt->dat, msg, MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return KERB_ERR_PKT_VER;
- }
- msg_type = *p++;
- lsb = msg_type & 1;
- msg_type &= ~1;
- switch(msg_type){
- case AUTH_MSG_KDC_REQUEST:
- /* XXX range check */
- p += krb_get_nir(p, name, inst, realm);
- p += krb_get_int(p, &req_time, 4, lsb);
- life = *p++;
- p += krb_get_nir(p, service, sinst, NULL);
- klog(L_INI_REQ,
- "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)",
- name, inst, realm, service, sinst,
- inet_ntoa(client->sin_addr),
- proto, ntohs(server->sin_port));
- if((err = check_princ(name, inst, 0, &a_name))){
- strncpy((char*)rpkt->dat, krb_get_err_text(err), MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return err;
- }
- tk->length = 0;
- if((err = check_princ(service, sinst, 0, &s_name))){
- strncpy((char*)rpkt->dat, krb_get_err_text(err), MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN -1] = '\0';
- return err;
- }
- life = MIN(life, s_name.max_life);
- life = MIN(life, a_name.max_life);
-
- des_new_random_key(&session);
- copy_to_key(&s_name.key_low, &s_name.key_high, key);
- unseal(&key);
- krb_create_ticket(tk, flags, a_name.name, a_name.instance,
- local_realm, client->sin_addr.s_addr,
- session,
- life, kerb_time.tv_sec,
- s_name.name, s_name.instance, &key);
- copy_to_key(&a_name.key_low, &a_name.key_high, key);
- unseal(&key);
- create_ciph(ciph, session, s_name.name, s_name.instance,
- local_realm, life, s_name.key_version, tk,
- kerb_time.tv_sec, &key);
- memset(&session, 0, sizeof(session));
- memset(&key, 0, sizeof(key));
- {
- KTEXT r;
- r = create_auth_reply(name, inst, realm, req_time, 0,
- a_name.exp_date, a_name.key_version, ciph);
- memcpy(rpkt, r, sizeof(*rpkt));
- }
- return 0;
- case AUTH_MSG_APPL_REQUEST:
- strncpy(realm, (char*)buf + 3, REALM_SZ - 1);
- realm[REALM_SZ - 1] = '\0';
- if((err = set_tgtkey(realm))){
- msg = klog(L_ERR_UNK,
- "Unknown realm %s from %s (%s/%u)",
- realm, inet_ntoa(client->sin_addr),
- proto, ntohs(server->sin_port));
- strncpy((char*)rpkt->dat, msg, MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN -1] = '\0';
- return err;
- }
- p = buf + strlen(realm) + 4;
- p = p + p[0] + p[1] + 2;
- auth->length = p - buf;
- memcpy(auth->dat, buf, auth->length);
- err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET,
- realm, client->sin_addr.s_addr, &ad, 0);
- if(err){
- msg = klog(L_ERR_UNK,
- "krb_rd_req from %s (%s/%u): %s",
- inet_ntoa(client->sin_addr),
- proto,
- ntohs(server->sin_port),
- krb_get_err_text(err));
- strncpy((char*)rpkt->dat, msg, MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return err;
- }
- p += krb_get_int(p, &req_time, 4, lsb);
- life = *p++;
- p += krb_get_nir(p, service, sinst, NULL);
- klog(L_APPL_REQ,
- "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)",
- ad.pname, ad.pinst, ad.prealm,
- service, sinst,
- inet_ntoa(client->sin_addr),
- proto,
- ntohs(server->sin_port));
-
- if(strcmp(ad.prealm, realm)){
- msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s",
- realm, ad.prealm);
- strncpy((char*)rpkt->dat, msg, MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return KERB_ERR_PRINCIPAL_UNKNOWN;
- }
-
- if(!strcmp(service, "changepw")){
- strncpy((char*)rpkt->dat,
- "Can't authorize password changed based on TGT",
- MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return KERB_ERR_PRINCIPAL_UNKNOWN;
- }
-
- err = check_princ(service, sinst, life, &s_name);
- if(err){
- strncpy((char*)rpkt->dat, krb_get_err_text(err), MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return err;
- }
- life = MIN(life,
- krb_time_to_life(kerb_time.tv_sec,
- krb_life_to_time(ad.time_sec,
- ad.life)));
- life = MIN(life, s_name.max_life);
- copy_to_key(&s_name.key_low, &s_name.key_high, key);
- unseal(&key);
- des_new_random_key(&session);
- krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
- client->sin_addr.s_addr, &session,
- life, kerb_time.tv_sec,
- s_name.name, s_name.instance,
- &key);
-
- memset(&key, 0, sizeof(key));
-
- create_ciph(ciph, session, service, sinst, local_realm,
- life, s_name.key_version, tk,
- kerb_time.tv_sec, &ad.session);
-
- memset(&session, 0, sizeof(session));
- memset(ad.session, 0, sizeof(ad.session));
- {
- KTEXT r;
- r =create_auth_reply(ad.pname, ad.pinst, ad.prealm,
- req_time, 0, 0, 0, ciph);
- memcpy(rpkt, r, sizeof(*rpkt));
- }
- memset(&s_name, 0, sizeof(s_name));
- return 0;
-
- case AUTH_MSG_ERR_REPLY:
- return -1;
- default:
- msg = klog(L_KRB_PERR,
- "Unknown message type: %d from %s (%s/%u)",
- msg_type,
- inet_ntoa(client->sin_addr),
- proto,
- ntohs(server->sin_port));
- strncpy((char*)rpkt->dat, msg, MAX_KTXT_LEN - 1);
- rpkt->dat[MAX_KTXT_LEN - 1] = '\0';
- return KFAILURE;
- }
-}
-
-
-static void
-kerberos_wrap(int s, KTEXT data, char *proto, struct sockaddr_in *client,
- struct sockaddr_in *server)
-{
- KTEXT_ST pkt;
- int http_flag = strcmp(proto, "http") == 0;
- int err = kerberos(data->dat, data->length, proto, client, server, &pkt);
- if(err == -1)
- return;
- if(http_flag){
- const char *msg =
- "HTTP/1.1 200 OK\r\n"
- "Server: KTH-KRB/" VERSION "\r\n"
- "Content-type: application/octet-stream\r\n"
- "Content-transfer-encoding: binary\r\n\r\n";
- sendto(s, msg, strlen(msg), 0, (struct sockaddr *)client,
- sizeof(*client));
- }
- if(err){
- kerb_err_reply(s, client, err, (char*)pkt.dat);
- return;
- }
- sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client,
- sizeof(*client));
-}
-
-
-/*
- * setup_disc
- *
- * disconnect all descriptors, remove ourself from the process
- * group that spawned us.
- */
-
-static void
-setup_disc(void)
-{
- int s;
-
- for (s = 0; s < 3; s++) {
- close(s);
- }
-
- open("/dev/null", 0);
- dup2(0, 1);
- dup2(0, 2);
-
- setsid();
-
- chdir("/tmp");
- return;
-}
-
-/*
- * Make sure that database isn't stale.
- *
- * Exit if it is; we don't want to tell lies.
- */
-
-static void
-check_db_age(void)
-{
- long age;
-
- if (max_age != -1) {
- /* Requires existance of kerb_get_db_age() */
- gettimeofday(&kerb_time, 0);
- age = kerb_get_db_age();
- if (age == 0) {
- klog(L_KRB_PERR, "Database currently being updated!");
- hang();
- }
- if ((age + max_age) < kerb_time.tv_sec) {
- klog(L_KRB_PERR, "Database out of date!");
- hang();
- /* NOTREACHED */
- }
- }
-}
-
-struct descr{
- int s;
- KTEXT_ST buf;
- int type;
- int timeout;
- struct sockaddr_in addr;
-};
-
-static void
-mksocket(struct descr *d, struct in_addr addr, int type,
- const char *service, int port)
-{
- int on = 1;
- int sock;
-
- memset(d, 0, sizeof(struct descr));
- if ((sock = socket(AF_INET, type, 0)) < 0)
- err (1, "socket");
- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
- sizeof(on)) < 0)
- warn ("setsockopt (SO_REUSEADDR)");
- memset(&d->addr, 0, sizeof(d->addr));
- d->addr.sin_family = AF_INET;
- d->addr.sin_port = port;
- d->addr.sin_addr = addr;
- if (bind(sock, (struct sockaddr *)&d->addr, sizeof(d->addr)) < 0)
- err (1, "bind '%s/%s' (%d)",
- service, (type == SOCK_DGRAM) ? "udp" : "tcp",
- ntohs(d->addr.sin_port));
-
- if(type == SOCK_STREAM)
- listen(sock, SOMAXCONN);
- d->s = sock;
- d->type = type;
-}
-
-
-static void loop(struct descr *fds, int maxfd);
-
-struct port_spec {
- int port;
- int type;
-};
-
-static int
-add_port(struct port_spec **ports, int *num_ports, int port, int type)
-{
- struct port_spec *tmp;
- tmp = realloc(*ports, (*num_ports + 1) * sizeof(*tmp));
- if(tmp == NULL) {
- free(*ports);
- return ENOMEM;
- }
- *ports = tmp;
- tmp[*num_ports].port = port;
- tmp[*num_ports].type = type;
- (*num_ports)++;
- return 0;
-}
-
-void make_sockets(char *port_spec, struct in_addr *i_addr,
- struct descr **fds, int *nfds)
-{
- int tp;
- struct in_addr *a;
- char *p, *q, *pos = NULL;
- struct servent *sp;
- struct port_spec *ports = NULL;
- int num_ports = 0;
- int i, j;
-
-
- for(p = strtok_r(port_spec, ", \t", &pos);
- p;
- p = strtok_r(NULL, ", \t", &pos)){
- if(strcmp(p, "+") == 0){
- add_port(&ports, &num_ports, 88, SOCK_DGRAM);
- add_port(&ports, &num_ports, 88, SOCK_STREAM);
- add_port(&ports, &num_ports, 750, SOCK_DGRAM);
- add_port(&ports, &num_ports, 750, SOCK_STREAM);
- }else{
- q = strchr(p, '/');
- if(q){
- *q = 0;
- q++;
- }
- sp = getservbyname(p, q);
- if(sp)
- tp = ntohs(sp->s_port);
- else if(sscanf(p, "%d", &tp) != 1) {
- warnx("Unknown port: %s%s%s", p, q ? "/" : "", q ? q : "");
- continue;
- }
- if(q){
- if(strcasecmp(q, "tcp") == 0)
- add_port(&ports, &num_ports, tp, SOCK_STREAM);
- else if(strcasecmp(q, "udp") == 0)
- add_port(&ports, &num_ports, tp, SOCK_DGRAM);
- else
- warnx("Unknown protocol type: %s", q);
- }else{
- add_port(&ports, &num_ports, tp, SOCK_DGRAM);
- add_port(&ports, &num_ports, tp, SOCK_STREAM);
- }
- }
- }
-
- if(num_ports == 0)
- errx(1, "No valid ports specified!");
-
- if (i_addr) {
- *nfds = 1;
- a = malloc(sizeof(*a) * *nfds);
- if (a == NULL)
- errx (1, "Failed to allocate %u bytes",
- sizeof(*a) * *nfds);
- memcpy(a, i_addr, sizeof(struct in_addr));
- } else
- *nfds = k_get_all_addrs (&a);
- if (*nfds < 0) {
- struct in_addr any;
-
- any.s_addr = INADDR_ANY;
-
- warnx ("Could not get local addresses, binding to INADDR_ANY");
- *nfds = 1;
- a = malloc(sizeof(*a) * *nfds);
- if (a == NULL)
- errx (1, "Failed to allocate %u bytes",
- sizeof(*a) * *nfds);
- memcpy(a, &any, sizeof(struct in_addr));
- }
- *fds = malloc(*nfds * num_ports * sizeof(**fds));
- if (*fds == NULL)
- errx (1, "Failed to allocate %u bytes",
- *nfds * num_ports * sizeof(**fds));
- for (i = 0; i < *nfds; i++) {
- for(j = 0; j < num_ports; j++) {
- mksocket(*fds + num_ports * i + j, a[i],
- ports[j].type, "", htons(ports[j].port));
- }
- }
- *nfds *= num_ports;
- free(ports);
- free (a);
-}
-
-
-int
-main(int argc, char **argv)
-{
- int child;
- int c;
- struct descr *fds;
- int nfds;
- int n;
- int kerror;
- int i_flag = 0;
- struct in_addr i_addr;
- char *port_spec = "+";
-
- umask(077); /* Create protected files */
-
- while ((c = getopt(argc, argv, "snmp:P:a:l:r:i:")) != -1) {
- switch(c) {
- case 's':
- /*
- * Set parameters to slave server defaults.
- */
- if (max_age == -1 && !nflag)
- max_age = ONE_DAY; /* 24 hours */
- if (pause_int == -1)
- pause_int = FIVE_MINUTES; /* 5 minutes */
- break;
- case 'n':
- max_age = -1; /* don't check max age. */
- nflag++;
- break;
- case 'm':
- mflag++; /* running manually; prompt for master key */
- break;
- case 'p':
- /* Set pause interval. */
- if (!isdigit(optarg[0]))
- usage();
- pause_int = atoi(optarg);
- if ((pause_int < 5) || (pause_int > ONE_HOUR)) {
- fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n");
- usage();
- }
- break;
- case 'P':
- port_spec = optarg;
- break;
- case 'a':
- /* Set max age. */
- if (!isdigit(optarg[0]))
- usage();
- max_age = atoi(optarg);
- if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
- fprintf(stderr, "max_age must be between one hour and three days, in seconds\n");
- usage();
- }
- break;
- case 'l':
- /* Set alternate log file */
- log_file = optarg;
- break;
- case 'r':
- /* Set realm name */
- rflag++;
- strncpy(local_realm, optarg, REALM_SZ - 1);
- local_realm[REALM_SZ - 1] = '\0';
- break;
- case 'i':
- /* Only listen on this address */
- if(inet_aton (optarg, &i_addr) == 0) {
- fprintf (stderr, "Bad address: %s\n", optarg);
- exit (1);
- }
- ++i_flag;
- break;
- default:
- usage();
- break;
- }
- }
-
- if (optind == (argc-1)) {
- if (kerb_db_set_name(argv[optind]) != 0) {
- fprintf(stderr, "Could not set alternate database name\n");
- exit(1);
- }
- optind++;
- }
-
- if (optind != argc)
- usage();
-
- printf("Kerberos server starting\n");
-
- if ((!nflag) && (max_age != -1))
- printf("\tMaximum database age: %d seconds\n", max_age);
- if (pause_int != -1)
- printf("\tSleep for %d seconds on error\n", pause_int);
- else
- printf("\tSleep forever on error\n");
- if (mflag)
- printf("\tMaster key will be entered manually\n");
-
- printf("\tLog file is %s\n", log_file);
-
- kset_logfile(log_file);
-
- {
- char hostname[MAXHOSTNAMELEN];
- /* find our hostname, and use it as the instance */
- if (gethostname(hostname, sizeof(hostname)))
- err (1, "gethostname");
- strncpy(k_instance, hostname, sizeof(k_instance) - 1);
- k_instance[sizeof(k_instance) - 1] = '\0';
- }
-
- make_sockets(port_spec, i_flag ? &i_addr : NULL, &fds, &nfds);
-
- /* do all the database and cache inits */
- if ((n = kerb_init())) {
- if (mflag) {
- printf("Kerberos db and cache init ");
- printf("failed = %d ...exiting\n", n);
- exit (1);
- } else {
- klog(L_KRB_PERR,
- "Kerberos db and cache init failed = %d ...exiting", n);
- hang();
- }
- }
-
- /* Make sure database isn't stale */
- check_db_age();
-
- /* setup master key */
- if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) {
- klog (L_KRB_PERR, "kerberos: couldn't get master key.");
- exit (1);
- }
- kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout);
- if (kerror < 0) {
- klog (L_KRB_PERR, "Can't verify master key.");
- memset(master_key, 0, sizeof (master_key));
- memset (master_key_schedule, 0, sizeof (master_key_schedule));
- exit (1);
- }
-
- master_key_version = (u_char) kerror;
-
- fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
- master_key_version);
- des_init_random_number_generator(&master_key);
-
- if (!rflag) {
- /* Look up our local realm */
- krb_get_lrealm(local_realm, 1);
- }
- fprintf(stdout, "Local realm: %s\n", local_realm);
- fflush(stdout);
-
- if (set_tgtkey(local_realm)) {
- /* Ticket granting service unknown */
- klog(L_KRB_PERR, "Ticket granting ticket service unknown");
- fprintf(stderr, "Ticket granting ticket service unknown\n");
- exit(1);
- }
- if (mflag) {
- if ((child = fork()) != 0) {
- printf("Kerberos started, PID=%d\n", child);
- exit(0);
- }
- setup_disc();
- }
-
- klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)",
- local_realm, master_key_version);
-
- /* receive loop */
- loop(fds, nfds);
- exit(1);
-}
-
-
-void
-read_socket(struct descr *n)
-{
- int b;
- struct sockaddr_in from;
- int fromlen = sizeof(from);
- b = recvfrom(n->s, n->buf.dat + n->buf.length,
- MAX_PKT_LEN - n->buf.length, 0,
- (struct sockaddr *)&from, &fromlen);
- if(b < 0){
- if(n->type == SOCK_STREAM){
- close(n->s);
- n->s = -1;
- }
- n->buf.length = 0;
- return;
- }
- n->buf.length += b;
- if(n->type == SOCK_STREAM){
- char *proto = "tcp";
- if(n->buf.length > 4 &&
- strncmp((char *)n->buf.dat, "GET ", 4) == 0 &&
- strncmp((char *)n->buf.dat + n->buf.length - 4,
- "\r\n\r\n", 4) == 0){
- char *p;
- char *save = NULL;
-
- n->buf.dat[n->buf.length - 1] = 0;
- strtok_r(n->buf.dat, " \t\r\n", &save);
- p = strtok_r(NULL, " \t\r\n", &save);
- if(p == NULL)
- p = "";
- if(*p == '/') p++;
- n->buf.length = base64_decode(p, n->buf.dat);
- if(n->buf.length <= 0){
- const char *msg =
- "HTTP/1.1 404 Not found\r\n"
- "Server: KTH-KRB/" VERSION "\r\n"
- "Content-type: text/html\r\n"
- "Content-transfer-encoding: 8bit\r\n\r\n"
- "<TITLE>404 Not found</TITLE>\r\n"
- "<H1>404 Not found</H1>\r\n"
- "That page does not exist. Information about "
- "<A HREF=\"http://www.pdc.kth.se/kth-krb\">KTH-KRB</A> "
- "is available elsewhere.\r\n";
- fromlen = sizeof(from);
- if(getpeername(n->s,(struct sockaddr*)&from, &fromlen) == 0)
- klog(L_KRB_PERR, "Unknown HTTP request from %s",
- inet_ntoa(from.sin_addr));
- else
- klog(L_KRB_PERR, "Unknown HTTP request from <unknown>");
- write(n->s, msg, strlen(msg));
- close(n->s);
- n->s = -1;
- n->buf.length = 0;
- return;
- }
- proto = "http";
- b = 0;
- }
- else if(n->buf.length >= 4 && n->buf.dat[0] == 0){
- /* if this is a new type of packet (with
- the length attached to the head of the
- packet), and there is no more data to
- be read, fake an old packet, so the
- code below will work */
- u_int32_t len;
- krb_get_int(n->buf.dat, &len, 4, 0);
- if(n->buf.length == len + 4){
- memmove(n->buf.dat, n->buf.dat + 4, len);
- b = 0;
- }
- }
- if(b == 0){
- /* handle request if there are
- no more bytes to read */
- fromlen = sizeof(from);
- getpeername(n->s,(struct sockaddr*)&from, &fromlen);
- kerberos_wrap(n->s, &n->buf, proto, &from,
- &n->addr);
- n->buf.length = 0;
- close(n->s);
- n->s = -1;
- }
- }else{
- /* udp packets are atomic */
- kerberos_wrap(n->s, &n->buf, "udp", &from,
- &n->addr);
- n->buf.length = 0;
- }
-}
-
-static void
-loop(struct descr *fds, int nfds)
-{
- for (;;) {
- int ret;
- fd_set readfds;
- struct timeval tv;
- int maxfd = 0;
- struct descr *n, *minfree;
- int accepted; /* accept at most one socket per `round' */
-
- FD_ZERO(&readfds);
- gettimeofday(&tv, NULL);
- maxfd = 0;
- minfree = NULL;
- /* Remove expired TCP sockets, and add all other
- to the set we are selecting on */
- for(n = fds; n < fds + nfds; n++){
- if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){
- kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout");
- close(n->s);
- n->s = -1;
- }
- if(n->s < 0){
- if(minfree == NULL) minfree = n;
- continue;
- }
- FD_SET(n->s, &readfds);
- maxfd = MAX(maxfd, n->s);
- }
- /* add more space for sockets */
- if(minfree == NULL){
- int i = nfds;
- struct descr *new;
- nfds *=2;
- new = realloc(fds, sizeof(struct descr) * nfds);
- if(new){
- fds = new;
- minfree = fds + i;
- for(; i < nfds; i++) fds[i].s = -1;
- }
- }
- ret = select(maxfd + 1, &readfds, 0, 0, 0);
- accepted = 0;
- for (n = fds; n < fds + nfds; n++){
- if(n->s < 0) continue;
- if (FD_ISSET(n->s, &readfds)){
- if(n->type == SOCK_STREAM && n->timeout == 0){
- /* add accepted socket to list of sockets we are
- selecting on */
- int s;
- if(accepted) continue;
- accepted = 1;
- s = accept(n->s, NULL, 0);
- if(minfree == NULL){
- kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
- close(s);
- }else{
- minfree->s = s;
- minfree->type = SOCK_STREAM;
- gettimeofday(&tv, NULL);
- minfree->timeout = tv.tv_sec + 4; /* XXX */
- minfree->buf.length = 0;
- memcpy(&minfree->addr, &n->addr, sizeof(minfree->addr));
- }
- }else
- read_socket(n);
- }
- }
- }
-}
diff --git a/kerberosIV/kinit/Makefile b/kerberosIV/kinit/Makefile
deleted file mode 100644
index a687f5af15c..00000000000
--- a/kerberosIV/kinit/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.3 1998/03/12 14:00:01 art Exp $
-
-PROG= kinit
-DPADD= ${LIBKRB} ${LIBDES}
-LDADD= -lkrb -ldes
-BINDIR= /usr/bin
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kinit/kinit.1 b/kerberosIV/kinit/kinit.1
deleted file mode 100644
index 91175eaf88c..00000000000
--- a/kerberosIV/kinit/kinit.1
+++ /dev/null
@@ -1,155 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kinit.1,v 1.5 1998/08/03 07:43:18 deraadt Exp $
-.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kinit \- Kerberos login utility
-.SH SYNOPSIS
-.B kinit
-[
-.B \-irvl
-]
-.SH DESCRIPTION
-The
-.I kinit
-command is used to login to the
-Kerberos
-authentication and authorization system.
-Note that only registered
-Kerberos
-users can use the
-Kerberos
-system.
-For information about registering as a
-Kerberos
-user,
-see the
-.I kerberos(1)
-manual page.
-.PP
-If you are logged in to a workstation that is running the
-.I toehold
-service,
-you do not have to use
-.I kinit.
-The
-.I toehold
-login procedure will log you into
-Kerberos
-automatically.
-You will need to use
-.I kinit
-only in those situations in which
-your original tickets have expired.
-(Tickets expire in about a day.)
-Note as well that
-.I toehold
-will automatically destroy your tickets when you logout from the workstation.
-.PP
-When you use
-.I kinit
-without options,
-the utility
-prompts for your username and Kerberos password,
-and tries to authenticate your login with the local
-Kerberos
-server.
-.PP
-If
-Kerberos
-authenticates the login attempt,
-.I kinit
-retrieves your initial ticket and puts it in the ticket file specified by
-your KRBTKFILE environment variable.
-If this variable is undefined,
-your ticket will be stored in the
-.IR /tmp
-directory,
-in the file
-.I tktuid ,
-where
-.I uid
-specifies your user identification number.
-.PP
-If you have logged in to
-Kerberos
-without the benefit of the workstation
-.I toehold
-system,
-make sure you use the
-.I kdestroy
-command to destroy any active tickets before you end your login session.
-You may want to put the
-.I kdestroy
-command in your
-.I \.logout
-file so that your tickets will be destroyed automatically when you logout.
-.PP
-The options to
-.I kinit
-are as follows:
-.TP 7
-.B \-i
-.I kinit
-prompts you for a
-Kerberos
-instance.
-.TP
-.B \-r
-.I kinit
-prompts you for a
-Kerberos
-realm.
-This option lets you authenticate yourself with a remote
-Kerberos
-server.
-.TP
-.B \-v
-Verbose mode.
-.I kinit
-prints the name of the ticket file used, and
-a status message indicating the success or failure of
-your login attempt.
-.TP
-.B \-l
-.I kinit
-prompts you for a ticket lifetime in minutes. Due to protocol
-restrictions in Kerberos Version 4, this value must be between 5 and
-1275 minutes.
-.SH SEE ALSO
-.PP
-kerberos(1), kdestroy(1), klist(1)
-.SH BUGS
-The
-.B \-r
-option has not been fully implemented.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
diff --git a/kerberosIV/kinit/kinit.c b/kerberosIV/kinit/kinit.c
deleted file mode 100644
index ad0b7e92a0d..00000000000
--- a/kerberosIV/kinit/kinit.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* $OpenBSD: kinit.c,v 1.4 1998/07/13 20:08:55 art Exp $ */
-/* $Id: kinit.c,v 1.4 1998/07/13 20:08:55 art Exp $ */
-/* $KTH: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $ */
-
-
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-/*
- * Routine to initialize user to Kerberos. Prompts optionally for
- * user, instance and realm. Authenticates user and gets a ticket
- * for the Kerberos ticket-granting service for future use.
- *
- * Options are:
- *
- * -i[instance]
- * -r[realm]
- * -v[erbose]
- * -l[ifetime]
- * -p
- */
-
-#include <kuser_locl.h>
-#include <sys/param.h>
-
-#define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
-#define CHPASSLIFE 2
-
-char progname[] = "kinit";
-
-static void
-get_input(char *s, int size, FILE *stream)
-{
- char *p;
-
- if (fgets(s, size, stream) == NULL)
- exit(1);
- if ( (p = strchr(s, '\n')) != NULL)
- *p = '\0';
-}
-
-static void
-usage(void)
-{
- fprintf(stderr, "Usage: %s [-irvlp] [name]\n", progname);
- exit(1);
-}
-
-int
-main(int argc, char **argv)
-{
- char aname[ANAME_SZ];
- char inst[INST_SZ];
- char realm[REALM_SZ];
- char buf[MAXHOSTNAMELEN];
- char name[MAX_K_NAME_SZ];
- char *username = NULL;
- int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno;
- int i;
-
- *inst = *realm = '\0';
- iflag = rflag = vflag = lflag = pflag = 0;
- lifetime = LIFE;
-
- while (--argc) {
- if ((*++argv)[0] != '-') {
- if (username)
- usage();
- username = *argv;
- continue;
- }
- for (i = 1; (*argv)[i] != '\0'; i++)
- switch ((*argv)[i]) {
- case 'i': /* Instance */
- ++iflag;
- continue;
- case 'r': /* Realm */
- ++rflag;
- continue;
- case 'v': /* Verbose */
- ++vflag;
- continue;
- case 'l':
- ++lflag;
- continue;
- case 'p':
- ++pflag; /* chpass-tickets */
- lifetime = CHPASSLIFE;
- break;
- default:
- usage();
- }
- }
- if (username &&
- (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) {
- warnx("%s", krb_get_err_text(k_errno));
- iflag = rflag = 1;
- username = NULL;
- }
- if (gethostname(buf, sizeof(buf)))
- errx(1, "gethostname failed");
- printf("%s (%s)\n", ORGANIZATION, buf);
- if (username) {
- printf("Kerberos Initialization for \"%s", aname);
- if (*inst)
- printf(".%s", inst);
- if (*realm)
- printf("@%s", realm);
- printf("\"\n");
- } else {
- printf("Kerberos Initialization\n");
- printf("Kerberos name: ");
- get_input(name, sizeof(name), stdin);
- if (!*name)
- return 0;
- if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS )
- errx(1, "%s", krb_get_err_text(k_errno));
- }
- /* optional instance */
- if (iflag) {
- printf("Kerberos instance: ");
- get_input(inst, sizeof(inst), stdin);
- if (!k_isinst(inst))
- errx(1, "bad Kerberos instance format");
- }
- if (rflag) {
- printf("Kerberos realm: ");
- get_input(realm, sizeof(realm), stdin);
- if (!k_isrealm(realm))
- errx(1, "bad Kerberos realm format");
- }
- if (lflag) {
- printf("Kerberos ticket lifetime (minutes): ");
- get_input(buf, sizeof(buf), stdin);
- lifetime = atoi(buf);
- if (lifetime < 5)
- lifetime = 1;
- else
- lifetime = krb_time_to_life(0, lifetime*60);
- /* This should be changed if the maximum ticket lifetime */
- /* changes */
- if (lifetime > 255)
- lifetime = 255;
- }
- if (!*realm && krb_get_lrealm(realm, 1))
- errx(1, "krb_get_lrealm failed");
- k_errno = krb_get_pw_in_tkt(aname, inst, realm,
- pflag ? PWSERV_NAME :
- KRB_TICKET_GRANTING_TICKET,
- pflag ? KADM_SINST : realm,
- lifetime, 0);
- if (vflag) {
- printf("Kerberos realm %s:\n", realm);
- printf("%s\n", krb_get_err_text(k_errno));
- } else if (k_errno)
- errx(1, "%s", krb_get_err_text(k_errno));
- exit(0);
-}
diff --git a/kerberosIV/klist/Makefile b/kerberosIV/klist/Makefile
deleted file mode 100644
index 277c2813add..00000000000
--- a/kerberosIV/klist/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.3 1998/05/18 01:24:53 art Exp $
-
-PROG= klist
-SRCS= klist.c
-.PATH: ${.CURDIR}/../roken
-SRCS+= parse_time.c parse_units.c
-DPADD= ${LIBKRB} ${LIBDES}
-LDADD= -lkrb -ldes -lkafs
-BINDIR= /usr/bin
-CFLAGS+= -I${.CURDIR}/../roken
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/klist/klist.1 b/kerberosIV/klist/klist.1
deleted file mode 100644
index a18393603f1..00000000000
--- a/kerberosIV/klist/klist.1
+++ /dev/null
@@ -1,106 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: klist.1,v 1.4 1998/02/25 15:51:01 art Exp $
-.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-klist \- list currently held Kerberos tickets
-.SH SYNOPSIS
-.B klist
-[
-\fB\-s \fR|\fB \-t\fR
-] [
-.B \-file
-name ] [
-.B \-srvtab
-]
-.br
-.SH DESCRIPTION
-.I klist
-prints the name of the tickets file and the
-identity of the principal the tickets are for (as listed in the
-tickets file), and
-lists the principal names of all Kerberos tickets currently held by
-the user, along with the issue and expire time for each authenticator.
-Principal names are listed in the form
-.I name.instance@realm,
-with the '.' omitted if the instance is null,
-and the '@' omitted if the realm is null.
-
-If given the
-.B \-s
-option,
-.I klist
-does not print the issue and expire times, the name of the tickets file,
-or the identity of the principal.
-
-If given the
-.B \-t
-option,
-.B klist
-checks for the existence of a non-expired ticket-granting-ticket in the
-ticket file. If one is present, it exits with status 0, else it exits
-with status 1. No output is generated when this option is specified.
-
-If given the
-.B \-file
-option, the following argument is used as the ticket file.
-Otherwise, if the
-.B KRBTKFILE
-environment variable is set, it is used.
-If this environment variable
-is not set, the file
-.B /tmp/tkt[uid]
-is used, where
-.B uid
-is the current user-id of the user.
-
-If given the
-.B \-srvtab
-option, the file is treated as a service key file, and the names of the
-keys contained therein are printed. If no file is
-specified with a
-.B \-file
-option, the default is
-.IR /etc/srvtab .
-.SH FILES
-.TP 2i
-/etc/krb.conf
-to get the name of the local realm
-.TP
-/tmp/tkt[uid]
-as the default ticket file ([uid] is the decimal UID of the user).
-.TP
-/etc/srvtab
-as the default service key file
-.SH SEE ALSO
-.PP
-kerberos(1), kinit(1), kdestroy(1)
-.SH BUGS
-When reading a file as a service key file, very little sanity or error
-checking is performed.
diff --git a/kerberosIV/klist/klist.c b/kerberosIV/klist/klist.c
deleted file mode 100644
index e2aec4c6b74..00000000000
--- a/kerberosIV/klist/klist.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/* $OpenBSD: klist.c,v 1.6 1998/05/18 01:24:55 art Exp $ */
-/* $KTH: klist.c,v 1.35 1998/05/01 05:16:33 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Lists your current Kerberos tickets.
- * Written by Bill Sommerfeld, MIT Project Athena.
- */
-
-#include "kuser_locl.h"
-
-#include <sys/ioctl.h>
-#include <sys/ioccom.h>
-#include <kerberosIV/kafs.h>
-
-static int option_verbose = 0;
-
-static char progname[]="klist";
-
-static char *
-short_date(time_t dp)
-{
- char *cp;
- time_t t = (time_t)dp;
-
- if (t == (time_t)(-1L)) return "*** Never *** ";
- cp = ctime(&t) + 4;
- cp[15] = '\0';
- return (cp);
-}
-
-/* prints the approximate kdc time differential as something human
- readable */
-static void
-print_time_diff(void)
-{
- int d = abs(krb_get_kdc_time_diff());
- char buf[80];
-
- if ((option_verbose && d > 0) || d > 60) {
- unparse_time_approx (d, buf, sizeof(buf));
- printf ("Time diff:\t%s\n", buf);
- }
-}
-
-static void
-display_tktfile(char *file, int tgt_test, int long_form)
-{
- krb_principal pr;
- char buf1[20], buf2[20];
- int k_errno;
- CREDENTIALS c;
- int header = 1;
-
- if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
- file = TKT_FILE;
-
- if (long_form)
- printf("Ticket file: %s\n", file);
-
- /*
- * Since krb_get_tf_realm will return a ticket_file error,
- * we will call tf_init and tf_close first to filter out
- * things like no ticket file. Otherwise, the error that
- * the user would see would be
- * klist: can't find realm of ticket file: No ticket file (tf_util)
- * instead of
- * klist: No ticket file (tf_util)
- */
-
- /* Open ticket file */
- if ((k_errno = tf_init(file, R_TKT_FIL))) {
- if (!tgt_test)
- warnx("%s", krb_get_err_text(k_errno));
- exit(1);
- }
- /* Close ticket file */
- tf_close();
-
- /*
- * We must find the realm of the ticket file here before calling
- * tf_init because since the realm of the ticket file is not
- * really stored in the principal section of the file, the
- * routine we use must itself call tf_init and tf_close.
- */
- if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) {
- if (!tgt_test)
- warnx("can't find realm of ticket file: %s",
- krb_get_err_text(k_errno));
- exit(1);
- }
-
- /* Open ticket file */
- if ((k_errno = tf_init(file, R_TKT_FIL))) {
- if (!tgt_test)
- warnx("%s", krb_get_err_text(k_errno));
- exit(1);
- }
- /* Get principal name and instance */
- if ((k_errno = tf_get_pname(pr.name)) ||
- (k_errno = tf_get_pinst(pr.instance))) {
- if (!tgt_test)
- warnx("%s", krb_get_err_text(k_errno));
- exit(1);
- }
-
- /*
- * You may think that this is the obvious place to get the
- * realm of the ticket file, but it can't be done here as the
- * routine to do this must open the ticket file. This is why
- * it was done before tf_init.
- */
-
- if (!tgt_test && long_form)
- printf("Principal:\t%s\n", krb_unparse_name(&pr));
- print_time_diff();
- printf("\n");
- while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
- if (!tgt_test && long_form && header) {
- printf("%-15s %-15s %s%s\n",
- " Issued", " Expires", " Principal",
- option_verbose ? " (kvno)" : "");
- header = 0;
- }
- if (tgt_test) {
- c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
- if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
- !strcmp(c.instance, pr.realm)) {
- if (time(0) < c.issue_date)
- exit(0); /* tgt hasn't expired */
- else
- exit(1); /* has expired */
- }
- continue; /* not a tgt */
- }
- if (long_form) {
- struct timeval tv;
-
- strcpy(buf1, short_date(c.issue_date));
- c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
- krb_kdctimeofday(&tv);
- if (option_verbose || tv.tv_sec < (unsigned long) c.issue_date)
- strcpy(buf2, short_date(c.issue_date));
- else
- strcpy(buf2, ">>> Expired <<<");
- printf("%s %s ", buf1, buf2);
- }
- printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
- if(long_form && option_verbose)
- printf(" (%d)", c.kvno);
- printf("\n");
- }
- if (tgt_test)
- exit(1); /* no tgt found */
- if (header && long_form && k_errno == EOF) {
- printf("No tickets in file.\n");
- }
-}
-
-/* adapted from getst() in librkb */
-/*
- * ok_getst() takes a file descriptor, a string and a count. It reads
- * from the file until either it has read "count" characters, or until
- * it reads a null byte. When finished, what has been read exists in
- * the given string "s". If "count" characters were actually read, the
- * last is changed to a null, so the returned string is always null-
- * terminated. ok_getst() returns the number of characters read, including
- * the null terminator.
- *
- * If there is a read error, it returns -1 (like the read(2) system call)
- */
-
-static int
-ok_getst(int fd, char *s, int n)
-{
- int count = n;
- int err;
-
- if (s == NULL)
- return -1;
-
- while ((err = read(fd, s, 1)) > 0 && (--count) != 0)
- if (*s++ == '\0')
- return (n - count);
- if (err < 0)
- return(-1);
- *s = '\0';
- return (n - count);
-}
-
-static void
-display_tokens(void)
-{
- u_int32_t i;
- unsigned char t[128];
- struct ViceIoctl parms;
-
- parms.in = (void *)&i;
- parms.in_size = sizeof(i);
- parms.out = (void *)t;
- parms.out_size = sizeof(t);
-
- for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
- int32_t size_secret_tok, size_public_tok;
- char *cell;
- struct ClearToken ct;
- unsigned char *r = t;
-
- memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
- /* dont bother about the secret token */
- r += size_secret_tok + sizeof(size_secret_tok);
- memcpy(&size_public_tok, r, sizeof(size_public_tok));
- r += sizeof(size_public_tok);
- memcpy(&ct, r, size_public_tok);
- r += size_public_tok;
- /* there is a int32_t with length of cellname, but we dont read it */
- r += sizeof(int32_t);
- cell = r;
-
- printf("%-15s ", short_date(ct.BeginTimestamp));
- printf("%-15s ", short_date(ct.EndTimestamp));
- if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
- printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
- else
- printf("Tokens for %s", cell);
- if (option_verbose)
- printf(" (%d)", ct.AuthHandle);
- putchar('\n');
- }
-}
-
-static void
-display_srvtab(char *file)
-{
- int stab;
- char serv[SNAME_SZ];
- char inst[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char key[8];
- unsigned char vno;
- int count;
-
- printf("Server key file: %s\n", file);
-
- if ((stab = open(file, O_RDONLY, 0400)) < 0) {
- perror(file);
- exit(1);
- }
- printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
- "Key Version");
- printf("------------------------------------------------------\n");
-
- /* argh. getst doesn't return error codes, it silently fails */
- while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
- && ((count = ok_getst(stab, inst, INST_SZ)) > 0)
- && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
- if (((count = read(stab, &vno,1)) != 1) ||
- ((count = read(stab, key,8)) != 8)) {
- if (count < 0)
- err(1, "reading from key file");
- else
- errx(1, "key file truncated");
- }
- printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
- }
- if (count < 0)
- warn(file);
- close(stab);
-}
-
-static void
-usage(void)
-{
- fprintf(stderr,
- "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n",
- progname);
- exit(1);
-}
-
-/* ARGSUSED */
-int
-main(int argc, char **argv)
-{
- int long_form = 1;
- int tgt_test = 0;
- int do_srvtab = 0;
- int do_tokens = 0;
- char *tkt_file = NULL;
-
- while (*(++argv) != NULL) {
- if (!strcmp(*argv, "-v")) {
- option_verbose = 1;
- continue;
- }
- if (!strcmp(*argv, "-s")) {
- long_form = 0;
- continue;
- }
- if (!strcmp(*argv, "-t")) {
- tgt_test = 1;
- long_form = 0;
- continue;
- }
- if (strcmp(*argv, "-tokens") == 0
- || strcmp(*argv, "-T") == 0) {
- do_tokens = k_hasafs();
- continue;
- }
- if (!strcmp(*argv, "-l")) { /* now default */
- continue;
- }
- if (!strncmp(*argv, "-f", 2)) {
- if (*(++argv)) {
- tkt_file = *argv;
- continue;
- } else
- usage();
- }
- if (!strcmp(*argv, "-srvtab")) {
- if (tkt_file == NULL) /* if no other file spec'ed,
- set file to default srvtab */
- tkt_file = KEYFILE;
- do_srvtab = 1;
- continue;
- }
- usage();
- }
-
- if (do_srvtab)
- display_srvtab(tkt_file);
- else
- display_tktfile(tkt_file, tgt_test, long_form);
- if (long_form && do_tokens){
- printf("\nAFS tokens:\n");
- display_tokens();
- }
- exit(0);
-}
diff --git a/kerberosIV/kprop/Makefile b/kerberosIV/kprop/Makefile
deleted file mode 100644
index f8cf5ebf3fe..00000000000
--- a/kerberosIV/kprop/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id: Makefile,v 1.3 1998/02/18 12:55:16 art Exp $
-
-PROG= kprop
-LDADD+= -lkrb -ldes
-DPADD+= ${LIBKRB} ${LIBDES}
-MAN= kprop.8
-CFLAGS+=-Wall
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kprop/kprop.8 b/kerberosIV/kprop/kprop.8
deleted file mode 100644
index 567e5931cf2..00000000000
--- a/kerberosIV/kprop/kprop.8
+++ /dev/null
@@ -1,130 +0,0 @@
-.\"
-.\" Copyright (c) 1997 Jason L. Wright. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by Jason L. Wright
-.\" 4. The name of Jason L. Wright may not be used to endorse or promote
-.\" products derived from this software without specific prior written
-.\" permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY Jason L. Wright ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL Jason L. Wright BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.Dd July 2, 1997
-.Dt KPROP 8
-.Os
-.Sh NAME
-.Nm kprop
-.Nd network utility for Kerberos database propagation
-.Sh SYNOPSIS
-.Nm kadmin database slaves_file [-force] [-safe | -clear] [-realm realm]
-.Sh DESCRIPTION
-The
-.Nm kprop
-daemon runs on a Kerberos master and propagates the Kerberos
-database to the Kerberos slaves, where it is received by the waiting
-.Xr kpropd 8
-daemon.
-.Pp
-The first parameter,
-.Nm database ,
-is the name of the file out of which data is
-extracted. This file is not the db-formatted Kerberos database,
-.Pa /etc/kerberosIV/principal.db .
-See the
-.Nm db(3)
-reference page for more
-information. The database is a file created by the
-.Nm kdb_util slave dump
-command. It is an ASCII representation of the Kerberos database.
-.Pp
-The second parameter that must be supplied is
-.Nm slaves_file ,
-the name of the
-file on the Kerberos master that lists the Kerberos slaves to which kprop
-propagates the Kerberos master database. The slaves file contains one
-line for each host running a secondary server consisting on just the hostname
-of the machine.
-.Pp
-The Kerberos utility first determines whether the ASCII Kerberos database,
-database, was correctly dumped by
-.Nm kdb_util .
-It accomplishes this by
-determining if database is older than the
-.Pa database.dump.ok
-file created by
-.Nm kdb_util
-during the slave dump operation. If it is older, the dump did not
-succeed or is not yet finished. If the dump did not complete successfully
-or has not yet completed, the master database is not transferred to any
-Kerberos slave. Otherwise,
-.Nm kprop
-determines, for each slave server listed
-in the slaves file, whether or not the database has changed since the last
-successful transfer to the slave. It determines this for slave server
-.Nm cactus
-by comparing the modification time of the
-.Pa cactus-last-prop
-file, which is stored in the same directory as the slaves file,
-with the modification time of database. If the
-.Pa /etc/kerberosIV/cactus-last-prop
-file
-is newer, then the database, need not be transferred to
-.Nm cactus .
-Finally,
-.Nm kprop
-propagates the database to those servers which need a new
-copy of the database and updates the modification time of the
-.Pa /etc/kerberosIV/server-last-prop
-file for these slave servers.
-.Ss Parameters
-.Bl -tag -width Fl
-.It Fl safe
-Data sent over the network will be authenticated at the destination
-and protected against modifications in transit. In other words,
-.Nm kprop
-and
-.Nm kpropd
-will become Kerberos authenticated to each other and send messages formatted
-with
-.Xr krb_mk_safe 3 .
-.It Fl clear
-Data will be sent in cleartext (not encrypted). This switch is useful when
-first setting up the Kerberos environment.
-.It Fl realm
-Use the specified realm instead of the default from
-.Xr krb.conf 5 .
-.It Fl force
-Force propagation to slaves even if there have been no recent changes to
-the master database. Normally, propagation only takes place if the database
-file has changed since the last transfer.
-.Sh BUGS
-This utility does not support the transfer of encrypted data.
-.Pp
-The
-.Nm -clear
-and
-.Nm -safe
-options are not implemented.
-.Sh SEE ALSO
-.Xr kerberos 1 ,
-.Xr kdb_util 8 ,
-.Xr kpropd 8
diff --git a/kerberosIV/kprop/kprop.c b/kerberosIV/kprop/kprop.c
deleted file mode 100644
index aa239e90f03..00000000000
--- a/kerberosIV/kprop/kprop.c
+++ /dev/null
@@ -1,535 +0,0 @@
-/* $OpenBSD: kprop.c,v 1.6 1998/02/25 15:51:03 art Exp $ */
-/* $KTH: kprop.c,v 1.30 1997/12/05 01:34:49 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1987 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include <slav_locl.h>
-#include <kprop.h>
-#include <sys/param.h>
-#include <err.h>
-
-static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION;
-
-int debug = 0;
-
-char my_realm[REALM_SZ];
-int princ_data_size = 3 * sizeof(int32_t) + 3 * sizeof(unsigned char);
-short transfer_mode, net_transfer_mode;
-int force_flag;
-static char ok[] = ".dump_ok";
-
-struct slave_host {
- u_int32_t net_addr;
- char *name;
- char *instance;
- char *realm;
- int not_time_yet;
- int succeeded;
- struct slave_host *next;
-};
-
-static
-int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
-{
- FILE *fin;
- char namebuf[128], *inst;
- char *pc;
- struct hostent *host;
- struct slave_host **th;
- char path[256];
- char *ppath;
- struct stat stbuf;
-
- if ((fin = fopen(file, "r")) == NULL)
- err(1, "open(%s)", file);
- strcpy(path, file);
- if ((ppath = strrchr(path, '/'))) {
- ppath += 1;
- } else {
- ppath = path;
- }
- th = psl;
- while(fgets(namebuf, sizeof(namebuf), fin)){
- if ((pc = strchr(namebuf, '\n'))) {
- *pc = '\0';
- } else {
- if(strlen(namebuf) == sizeof(namebuf) - 1){
- warnx ("Hostname too long (>= %d chars) in '%s'.",
- (int) sizeof(namebuf), file);
- do{
- if(fgets(namebuf, sizeof(namebuf), fin) == NULL)
- break;
- }while(strchr(namebuf, '\n') == NULL);
- continue;
- }
- }
- if(namebuf[0] == 0 || namebuf[0] == '#')
- continue;
- host = gethostbyname(namebuf);
- if (host == NULL) {
- warnx ("Ignoring host '%s' in '%s': %s",
- namebuf, file,
- "unknown error"
- );
- continue;
- }
- (*th) = (struct slave_host *) malloc(sizeof(struct slave_host));
- if (!*th)
- errx (1, "No memory reading host list from '%s'.",
- file);
- memset(*th, 0, sizeof(struct slave_host));
- (*th)->name = strdup(namebuf);
- if ((*th)->name == NULL)
- errx (1, "No memory reading host list from '%s'.",
- file);
- /* get kerberos cannonical instance name */
- inst = krb_get_phost ((*th)->name);
- (*th)->instance = strdup(inst);
- if ((*th)->instance == NULL)
- errx (1, "No memory reading host list from '%s'.",
- file);
- /* what a concept, slave servers in different realms! */
- (*th)->realm = my_realm;
- memcpy(&(*th)->net_addr, host->h_addr, sizeof((*th)->net_addr));
- (*th)->not_time_yet = 0;
- (*th)->succeeded = 0;
- (*th)->next = NULL;
- strcat(strcpy(ppath, (*th)->name), "-last-prop");
- if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) {
- (*th)->not_time_yet = 1;
- (*th)->succeeded = 1; /* no change since last success */
- }
- th = &(*th)->next;
- }
- fclose(fin);
- return (1);
-}
-
-/* The master -> slave protocol looks like this:
- 1) 8 byte version string
- 2) 2 bytes of "transfer mode" (net byte order of course)
- 3) ticket/authentication send by sendauth
- 4) 4 bytes of "block" length (u_int32_t)
- 5) data
-
- 4 and 5 repeat til EOF ...
-*/
-
-static int
-prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
-{
- u_char buf[KPROP_BUFSIZ];
- u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */
- struct sockaddr_in sin, my_sin;
- int i, n, s;
- struct slave_host *cs; /* current slave */
- char path[256], my_host_name[MAXHOSTNAMELEN], *p_my_host_name;
- char kprop_service_instance[INST_SZ];
- char *pc;
- u_int32_t cksum;
- u_int32_t length, nlength;
- long kerror;
- KTEXT_ST ticket;
- CREDENTIALS cred;
- MSG_DAT msg_dat;
- static char tkstring[] = "/tmp/kproptktXXXXXXXXXX";
-
- des_key_schedule session_sched;
-
- close(mkstemp(tkstring));
- krb_set_tkt_string(tkstring);
-
- memset(&sin, 0, sizeof sin);
- sin.sin_family = AF_INET;
- sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
- sin.sin_addr.s_addr = INADDR_ANY;
-
- strcpy(path, fslv);
- if ((pc = strrchr(path, '/'))) {
- pc += 1;
- } else {
- pc = path;
- }
-
- for (i = 0; i < 5; i++) { /* try each slave five times max */
- for (cs = sl; cs; cs = cs->next) {
- if (!cs->succeeded) {
- if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
- err (1, "socket");
- memcpy(&sin.sin_addr, &cs->net_addr,
- sizeof cs->net_addr);
-
- if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
- warn ("connect(%s)", cs->name);
- close(s);
- continue; /*** NEXT SLAVE ***/
- }
-
- /* for krb_mk_{priv, safe} */
- memset(&my_sin, 0, sizeof my_sin);
- n = sizeof my_sin;
- if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) {
- warn ("getsockname(%s)", cs->name);
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
- if (n != sizeof (my_sin)) {
- warnx ("can't get socketname %s length", cs->name);
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-
- /* Get ticket */
- kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME,
- cs->instance, cs->realm, (u_int32_t) 0);
- /* if ticket has expired try to get a new one, but
- * first get a TGT ...
- */
- if (kerror != MK_AP_OK) {
- if (gethostname (my_host_name, sizeof(my_host_name)) != 0) {
- warnx ("gethostname(%s): %s",
- my_host_name,
- "unknown error"
- );
- close (s);
- break; /* next one can't work either! */
- }
- /* get canonical kerberos service instance name */
- p_my_host_name = krb_get_phost (my_host_name);
- /* copy it to make sure gethostbyname static doesn't
- * screw us. */
- strcpy (kprop_service_instance, p_my_host_name);
- kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME,
-#if 0
- kprop_service_instance,
-#else
- KRB_MASTER,
-#endif
- my_realm,
- KRB_TICKET_GRANTING_TICKET,
- my_realm,
- 96,
- KPROP_SRVTAB);
- if (kerror != INTK_OK) {
- warnx ("%s: %s. While getting initial ticket\n",
- cs->name, krb_get_err_text(kerror));
- close (s);
- goto punt;
- }
- kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME,
- cs->instance, cs->realm, (u_int32_t) 0);
- }
- if (kerror != MK_AP_OK) {
- warnx ("%s: krb_mk_req: %s",
- cs->name, krb_get_err_text(kerror));
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-
- if (write(s, kprop_version, sizeof(kprop_version))
- != sizeof(kprop_version)) {
- warn ("%s", cs->name);
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-
- net_transfer_mode = htons (transfer_mode);
- if (write(s, &net_transfer_mode, sizeof(net_transfer_mode))
- != sizeof(net_transfer_mode)) {
- warn ("write(%s)", cs->name);
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-
- kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance,
- cs->realm, &cred);
- if (kerror != KSUCCESS) {
- warnx ("%s: %s. Getting session key.",
- cs->name, krb_get_err_text(kerror));
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-#ifdef NOENCRYPTION
- memset(session_sched, 0, sizeof(session_sched));
-#else
- if (des_key_sched (&cred.session, session_sched)) {
- warnx ("%s: can't make key schedule.",
- cs->name);
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-#endif
- /* SAFE (quad_cksum) and CLEAR are just not good enough */
- cksum = 0;
-#ifdef not_working_yet
- if (transfer_mode != KPROP_TRANSFER_PRIVATE) {
- cksum = get_data_checksum(fd, session_sched);
- lseek(fd, 0L, 0);
- }
- else
-#endif
- {
- struct stat st;
- fstat (fd, &st);
- cksum = st.st_size;
- }
- kerror = krb_sendauth(KOPT_DO_MUTUAL,
- s,
- &ticket,
- KPROP_SERVICE_NAME,
- cs->instance,
- cs->realm,
- cksum,
- &msg_dat,
- &cred,
- session_sched,
- &my_sin,
- &sin,
- KPROP_PROT_VERSION);
- if (kerror != KSUCCESS) {
- warnx ("%s: krb_sendauth: %s.",
- cs->name, krb_get_err_text(kerror));
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
-
- lseek(fd, 0L, SEEK_SET); /* Rewind file before rereading it. */
- while ((n = read(fd, buf, sizeof buf))) {
- if (n < 0)
- err (1, "read");
- switch (transfer_mode) {
- case KPROP_TRANSFER_PRIVATE:
- case KPROP_TRANSFER_SAFE:
- if (transfer_mode == KPROP_TRANSFER_PRIVATE)
- length = krb_mk_priv (buf, obuf, n,
- session_sched, &cred.session,
- &my_sin, &sin);
- else
- length = krb_mk_safe (buf, obuf, n,
- &cred.session,
- &my_sin, &sin);
- if (length == -1) {
- warnx ("%s: %s failed.",
- cs->name,
- (transfer_mode == KPROP_TRANSFER_PRIVATE)
- ? "krb_rd_priv" : "krb_rd_safe");
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
- nlength = htonl(length);
- if (write(s, &nlength, sizeof nlength)
- != sizeof nlength) {
- warn ("write(%s)", cs->name);
- close (s);
- continue; /*** NEXT SLAVE ***/
- }
- if (write(s, obuf, length) != length) {
- warn ("write(%s)", cs->name);
- close(s);
- continue; /*** NEXT SLAVE ***/
- }
- break;
- case KPROP_TRANSFER_CLEAR:
- if (write(s, buf, n) != n) {
- warn ("write(%s)", cs->name);
- close(s);
- continue; /*** NEXT SLAVE ***/
- }
- break;
- }
- }
- close(s);
- cs->succeeded = 1;
- fprintf(stderr, "%s: success.\n", cs->name);
- strcat(strcpy(pc, cs->name), "-last-prop");
- unlink(path);
- close(creat(path, 0600));
- }
- }
- }
-punt:
-
- dest_tkt();
- for (cs = sl; cs; cs = cs->next) {
- if (!cs->succeeded)
- return (0); /* didn't get this slave */
- }
- return (1);
-}
-
-static void
-usage()
-{
- /* already got floc and fslv, what is this? */
- fprintf(stderr,
- "\nUsage: kprop [-force] [-realm realm] [-private"
-#ifdef not_safe_yet
- "|-safe|-clear"
-#endif
- "] [data_file [slaves_file]]\n\n");
- exit(1);
-}
-
-
-int
-main(int argc, char **argv)
-{
- int fd, i;
- char *floc, *floc_ok;
- char *fslv;
- struct stat stbuf, stbuf_ok;
- time_t l_init, l_final;
- char *pc;
- int l_diff;
- static struct slave_host *slave_host_list = NULL;
- struct slave_host *sh;
-
- transfer_mode = KPROP_TRANSFER_PRIVATE;
-
- time(&l_init);
- pc = ctime(&l_init);
- pc[strlen(pc) - 1] = '\0';
- printf("\nStart slave propagation: %s\n", pc);
-
- floc = NULL;
- fslv = NULL;
-
- if (krb_get_lrealm(my_realm,1) != KSUCCESS)
- errx (1, "Getting my kerberos realm. Check krb.conf");
-
- for (i = 1; i < argc; i++)
- switch (argv[i][0]) {
- case '-':
- if (strcmp (argv[i], "-private") == 0)
- transfer_mode = KPROP_TRANSFER_PRIVATE;
-#ifdef not_safe_yet
- else if (strcmp (argv[i], "-safe") == 0)
- transfer_mode = KPROP_TRANSFER_SAFE;
- else if (strcmp (argv[i], "-clear") == 0)
- transfer_mode = KPROP_TRANSFER_CLEAR;
-#endif
- else if (strcmp (argv[i], "-realm") == 0) {
- i++;
- if (i < argc)
- strcpy(my_realm, argv[i]);
- else
- usage();
- } else if (strcmp (argv[i], "-force") == 0)
- force_flag++;
- else {
- warnx("unknown control argument %s.", argv[i]);
- usage ();
- }
- break;
- default:
- /* positional arguments are marginal at best ... */
- if (floc == NULL)
- floc = argv[i];
- else {
- if (fslv == NULL)
- fslv = argv[i];
- else
- usage();
- }
- }
- if(floc == NULL)
- floc = DB_DIR "/slave_dump";
- if(fslv == NULL)
- fslv = DB_DIR "/slaves";
-
- asprintf (&floc_ok, "%s%s", floc, ok);
- if (floc_ok == NULL)
- errx (1, "out of memory in copying %s", floc);
-
- if ((fd = open(floc, O_RDONLY)) < 0)
- err (1, "open(%s)", floc);
- if (flock(fd, K_LOCK_SH | K_LOCK_NB))
- err (1, "flock(%s)", floc);
- if (stat(floc, &stbuf))
- err (1, "stat(%s)", floc);
- if (stat(floc_ok, &stbuf_ok))
- err (1, "stat(%s)", floc_ok);
- if (stbuf.st_mtime > stbuf_ok.st_mtime)
- errx (1, "'%s' more recent than '%s'.", floc, floc_ok);
- if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime))
- errx (1, "can't read slave host file '%s'.", fslv);
-#ifdef KPROP_DBG
- {
- struct slave_host *sh;
- int i;
- fprintf(stderr, "\n\n");
- fflush(stderr);
- for (sh = slave_host_list; sh; sh = sh->next) {
- fprintf(stderr, "slave %d: %s, %s", i++, sh->name,
- inet_ntoa(sh->net_addr));
- fflush(stderr);
- }
- }
-#endif /* KPROP_DBG */
-
- if (!prop_to_slaves(slave_host_list, fd, fslv))
- errx (1, "propagation failed.");
- if (flock(fd, K_LOCK_UN))
- err (1, "flock(%s, LOCK_UN)", floc);
- fprintf(stderr, "\n\n");
- for (sh = slave_host_list; sh; sh = sh->next) {
- fprintf(stderr, "%s:\t\t%s\n", sh->name,
- (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED")));
- }
-
- time(&l_final);
- l_diff = l_final - l_init;
- printf("propagation finished, %d:%02d:%02d elapsed\n",
- l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60);
-
- exit(0);
-}
-
-#ifdef doesnt_work_yet
-u_long get_data_checksum(fd, key_sched)
- int fd;
- des_key_schedule key_sched;
-{
- u_int32_t cksum = 0;
- int n;
- char buf[BUFSIZ];
- u_int32_t obuf[2];
-
- while (n = read(fd, buf, sizeof buf)) {
- if (n < 0)
- err (1, "read");
- cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched);
- }
- return cksum;
-}
-#endif
diff --git a/kerberosIV/kpropd/Makefile b/kerberosIV/kpropd/Makefile
deleted file mode 100644
index ca125810852..00000000000
--- a/kerberosIV/kpropd/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id: Makefile,v 1.2 1997/06/29 07:21:19 deraadt Exp $
-
-PROG= kpropd
-LDADD+= -lkrb -ldes
-DPADD+= ${LIBKRB} ${LIBDES}
-MAN= kpropd.8
-BINDIR=/usr/libexec
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kpropd/kpropd.8 b/kerberosIV/kpropd/kpropd.8
deleted file mode 100644
index 99834cdd1af..00000000000
--- a/kerberosIV/kpropd/kpropd.8
+++ /dev/null
@@ -1,106 +0,0 @@
-.\"
-.\" Copyright (c) 1997 Jason L. Wright. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by Jason L. Wright
-.\" 4. The name of Jason L. Wright may not be used to endorse or promote
-.\" products derived from this software without specific prior written
-.\" permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY Jason L. Wright ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL Jason L. Wright BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.Dd July 2, 1997
-.Dt KPROPD 8
-.Os
-.Sh NAME
-.Nm kpropd
-.Nd network utility for Kerberos database propagation
-.Sh SYNOPSIS
-.Nm kpropd [-r realm] [-s srvtab] [-d database_file] [-l logfile]
-.Nm [-p kdb_util_path] output_file
-.Sh DESCRIPTION
-This daemon runs on a Kerberos slave and waits to receive the
-Kerberos database propagated from a
-.Nm kprop
-process on a Kerberos master.
-The first parameter,
-.Nm output_file ,
-that you must supply to the daemon is the name of a text file in which
-data will be placed when it comes over the network.
-.Pp
-This utility executes the
-.Nm kdb_util
-utility, which loads the database
-from the file specified in
-.Nm output_file ,
-puts it in
-.Nm db(3)
-format, and copies it into the Kerberos database in the directory
-.Pa /etc/kerberosIV .
-.Ss Parameters
-.Bl -tag -width Fl
-.It Fl r
-Specifies the receiver realm for which data is accepted;
-.Pa /etc/kerberosIV/krb.conf
-specifies the default.
-.It Fl s
-Specifies the service table file from which to read the password
-of the daemon, because a password cannot be entered manually when
-running as a daemon. The default is:
-.Pa /etc/kerberosIV/srvtab .
-.It Fl d
-Specifies the primary Kerberos database file of a
-Kerberos slave.
-This file receives a new or updated
-database propagated from the Kerberos master.
-The default is the database
-.Pa /etc/kerberosIV/principal.db .
-.It Fl i
-Run stand-alone. If this flag is not given, it is assumed to have
-been started by inetd.
-.It Fl l
-Specifies the name of the log file to be used. The default is:
-.Pa /var/log/kpropd.log .
-.It Fl p
-Specifies the full path (with directory and command) to the program
-.Nm kdb_util .
-The default is just:
-.Nm kdb_util
-which relies on the PATH environment variable to be searched to find it.
-.It Fl P
-Synonym for
-.Nm -p .
-.Sh BUGS
-This utility does not support the transfer of encrypted data.
-.Pp
-If the
-.Nm -P
-or
-.Nm -p
-options are not specified and the PATH environment variable does not
-contain the directory with
-.Nm kdb_util ,
-this program will fail.
-.Sh SEE ALSO
-.Xr kerberos 1 ,
-.Xr kdb_util 8 ,
-.Xr kprop 8
diff --git a/kerberosIV/kpropd/kpropd.c b/kerberosIV/kpropd/kpropd.c
deleted file mode 100644
index eee0f4e23bd..00000000000
--- a/kerberosIV/kpropd/kpropd.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/* $OpenBSD: kpropd.c,v 1.8 2000/01/12 19:54:47 ericj Exp $ */
-/* $KTH: kpropd.c,v 2.24 1997/12/05 01:34:57 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <time.h>
-#include <sys/file.h>
-#include <sys/wait.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netdb.h>
-#include <err.h>
-
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/krb_db.h>
-#include <klog.h>
-#include <kerberosIV/prot.h>
-#include <kdc.h>
-
-#include <krb_log.h>
-
-#include "kprop.h"
-
-#ifndef SBINDIR
-#define SBINDIR "/usr/sbin"
-#endif
-
-struct sockaddr_in master, slave;
-
-char *database = DBM_FILE;
-
-char *lockfile = DB_DIR "/slave_propagation";
-
-char *logfile = K_LOGFIL;
-
-char *kdb_util = SBINDIR "/kdb_util";
-
-char *kdb_util_command = "load";
-
-char *srvtab = "";
-
-char realm[REALM_SZ];
-
-static
-int
-copy_data(int from, int to, des_cblock *session, des_key_schedule schedule)
-{
- unsigned char tmp[4];
- char buf[KPROP_BUFSIZ + 26];
- u_int32_t length;
- int n;
-
- int kerr;
- MSG_DAT m;
-
- while(1){
- n = krb_net_read(from, tmp, 4);
- if(n == 0)
- break;
- if(n < 0){
- klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno));
- return -1;
- }
- if(n != 4){
- klog(L_KRB_PERR, "Premature end of data");
- return -1;
- }
- length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
- if(length > sizeof(buf)){
- klog(L_KRB_PERR, "Giant packet received: %d", length);
- return -1;
- }
- if(krb_net_read(from, buf, length) != length){
- klog(L_KRB_PERR, "Premature end of data");
- return -1;
- }
- kerr = krb_rd_priv (buf, length, schedule, session, &master, &slave, &m);
- if(kerr != KSUCCESS){
- klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
- return -1;
- }
- write(to, m.app_data, m.app_length);
- }
- return 0;
-}
-
-
-static
-int
-kprop(int s)
-{
- char buf[128];
- int n;
- KTEXT_ST ticket;
- AUTH_DAT ad;
- char sinst[INST_SZ];
- char command[1024];
- des_key_schedule schedule;
- int mode;
- int kerr;
- int lock;
-
- n = sizeof(master);
- if(getpeername(s, (struct sockaddr*)&master, &n) < 0){
- klog(L_KRB_PERR, "getpeername: %s", strerror(errno));
- return 1;
- }
-
- n = sizeof(slave);
- if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){
- klog(L_KRB_PERR, "getsockname: %s", strerror(errno));
- return 1;
- }
-
- klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr));
-
- n = krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2);
- if(n < KPROP_PROT_VERSION_LEN + 2){
- klog(L_KRB_PERR, "Premature end of data");
- return 1;
- }
- if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){
- klog(L_KRB_PERR, "Bad protocol version string received");
- return 1;
- }
- mode = (buf[n-2] << 8) | buf[n-1];
- if(mode != KPROP_TRANSFER_PRIVATE){
- klog(L_KRB_PERR, "Bad transfer mode received: %d", mode);
- return 1;
- }
- k_getsockinst(s, sinst, sizeof(sinst));
- kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket,
- KPROP_SERVICE_NAME, sinst,
- &master, &slave,
- &ad, srvtab, schedule,
- buf);
- if(kerr != KSUCCESS){
- klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
- return 1;
- }
-
- if(strcmp(ad.pname, KPROP_SERVICE_NAME) ||
-#if 0
- strcmp(ad.pinst, /* XXX remote host */) ||
-#else
- strcmp(ad.pinst, KRB_MASTER) ||
-#endif
- strcmp(ad.prealm, realm)){
- klog(L_KRB_PERR, "Connection from unauthorized client: %s",
- krb_unparse_name_long(ad.pname, ad.pinst, ad.prealm));
- return 1;
- }
-
- des_set_key(&ad.session, schedule);
-
- lock = open(lockfile, O_WRONLY|O_CREAT, 0600);
- if(lock < 0){
- klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno));
- return 1;
- }
- if(flock(lock, K_LOCK_EX | K_LOCK_NB)){
- close(lock);
- klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
- return 1;
- }
-
- if(ftruncate(lock, 0) < 0){
- close(lock);
- klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
- return 1;
- }
-
- if(copy_data(s, lock, &ad.session, schedule)){
- close(lock);
- return 1;
- }
- close(lock);
- snprintf(command, sizeof(command),
- "%s %s %s %s", kdb_util, kdb_util_command,
- lockfile, database);
- if(system(command) == 0){
- klog(L_KRB_PERR, "Propagation finished successfully");
- return 0;
- }
- klog(L_KRB_PERR, "*** Propagation failed ***");
- return 1;
-}
-
-static int
-doit(void)
-{
- return kprop(0);
-}
-
-static int
-doit_interactive(void)
-{
- struct sockaddr_in sa;
- int salen;
- int s, s2;
- int ret;
-
- s = socket(AF_INET, SOCK_STREAM, 0);
- if(s < 0){
- klog(L_KRB_PERR, "socket: %s", strerror(errno));
- return 1;
- }
- memset(&sa, 0, sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
- ret = bind(s, (struct sockaddr*)&sa, sizeof(sa));
- if (ret < 0) {
- klog(L_KRB_PERR, "bind: %s", strerror(errno));
- return 1;
- }
- ret = listen(s, SOMAXCONN);
- if (ret < 0) {
- klog(L_KRB_PERR, "listen: %s", strerror(errno));
- return 1;
- }
- for(;;) {
- salen = sizeof(sa);
- s2 = accept(s, (struct sockaddr*)&sa, &salen);
- switch(fork()){
- case -1:
- klog(L_KRB_PERR, "fork: %s", strerror(errno));
- return 1;
- case 0:
- close(s);
- kprop(s2);
- return 1;
- default: {
- int status;
- close(s2);
- wait(&status);
- }
- }
- }
-}
-
-static void
-usage (void)
-{
- fprintf (stderr,
- "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]"
- " [-r realm] [-s srvtab]\n");
- exit (1);
-}
-
-int
-main(int argc, char **argv)
-{
- int opt;
- int interactive = 0;
-
- krb_get_lrealm(realm, 1);
-
- while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) != -1){
- switch(opt){
- case 'd':
- database = optarg;
- break;
- case 'l':
- logfile = optarg;
- break;
- case 'm':
- kdb_util_command = "merge";
- break;
- case 'p':
- case 'P':
- kdb_util = optarg;
- break;
- case 'r':
- strncpy(realm, optarg, sizeof(realm));
- break;
- case 's':
- srvtab = optarg;
- break;
- case 'i':
- interactive = 1;
- break;
- default:
- klog(L_KRB_PERR, "Bad option: -%c", optopt);
- usage ();
- exit(1);
- }
- }
- kset_logfile(logfile);
- if (interactive)
- return doit_interactive ();
- else
- return doit ();
-}
diff --git a/kerberosIV/krb/Makefile b/kerberosIV/krb/Makefile
deleted file mode 100644
index 5ff92eab57f..00000000000
--- a/kerberosIV/krb/Makefile
+++ /dev/null
@@ -1,110 +0,0 @@
-# @(#)Makefile 8.1 (Berkeley) 6/1/93
-
-LIB= krb
-CFLAGS+=-I${.CURDIR}
-SRCS= base64.c \
- check_time.c \
- cr_err_reply.c \
- create_auth_reply.c \
- create_ciph.c \
- create_death_packet.c \
- create_ticket.c \
- debug_decl.c \
- decomp_ticket.c \
- dest_tkt.c \
- encrypt_ktext.c \
- extra.c \
- get_ad_tkt.c \
- get_cred.c \
- get_default_principal.c \
- get_host.c \
- get_in_tkt.c \
- get_krbrlm.c \
- get_svc_in_tkt.c \
- get_tf_fullname.c \
- get_tf_realm.c \
- getaddrs.c \
- getfile.c \
- getrealm.c \
- getst.c \
- k_concat.c \
- k_getport.c \
- k_getsockinst.c \
- k_localtime.c \
- kdc_reply.c \
- kntoln.c \
- krb_check_auth.c \
- krb_equiv.c \
- krb_err.c \
- krb_err_txt.c \
- krb_get_in_tkt.c \
- kuserok.c \
- lifetime.c \
- logging.c \
- lsb_addr_comp.c \
- mk_auth.c \
- mk_err.c \
- mk_priv.c \
- mk_req.c \
- mk_safe.c \
- month_sname.c \
- name2name.c \
- netread.c \
- netwrite.c \
- one.c \
- parse_name.c \
- rd_err.c\
- rd_priv.c \
- rd_req.c \
- rd_safe.c \
- read_service_key.c \
- realm_parse.c \
- recvauth.c \
- resolve.c \
- rw.c \
- save_credentials.c \
- send_to_kdc.c \
- sendauth.c \
- stime.c \
- str2key.c \
- time.c \
- tf_util.c \
- tkt_string.c \
- unparse_name.c \
- verify_user.c \
- version.c
-
-
-# XXX base64.c should really be somewhere else.
-# (or replaced) (they are from libroken)
-
-MAN= kerberos.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \
- kuserok.3 tf_util.3
-MLINKS+=kerberos.3 krb_mk_req.3 kerberos.3 krb_rd_req.3 kerberos.3 krb_kntoln.3 \
- kerberos.3 krb_set_key.3 kerberos.3 krb_get_cred.3 kerberos.3 krb_mk_priv.3 \
- kerberos.3 krb_rd_priv.3 kerberos.3 krb_mk_safe.3 kerberos.3 krb_rd_safe.3 \
- kerberos.3 krb_mk_err.3 kerberos.3 krb_rd_err.3 kerberos.3 krb_ck_repl.3
-MLINKS+=krb_realmofhost.3 krb_get_phost.3 krb_realmofhost.3 krb_get_krbhst.3 \
- krb_realmofhost.3 krb_get_admhst.3 krb_realmofhost.3 krb_get_lrealm.3
-MLINKS+=krb_sendauth.3 krb_recvauth.3 krb_sendauth.3 krb_net_write.3 \
- krb_sendauth.3 krb_net_read.3
-MLINKS+=tf_util.3 tf_init.3 tf_util.3 tf_get_pname.3 tf_util.3 tf_get_pinst.3 \
- tf_util.3 tf_get_cred.3 tf_util.3 tf_close.3
-
-LDADD+= ${COM_ERR}
-CLEANFILES+= krb_err.c krb_err.h
-
-krb_err.c krb_err.h: krb_err.et
- test -e krb_err.et || ln -s ${.CURDIR}/krb_err.et .
- compile_et krb_err.et
- -test -h krb_err.et && rm krb_err.et
-
-beforedepend prereq: krb_err.h
-
-includes: krb_err.h
- -cd ${.OBJDIR}; cmp -s krb_err.h \
- ${DESTDIR}/usr/include/kerberosIV/krb_err.h || \
- ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
- krb_err.h ${DESTDIR}/usr/include/kerberosIV
-
-.include <bsd.lib.mk>
diff --git a/kerberosIV/krb/base64.c b/kerberosIV/krb/base64.c
deleted file mode 100644
index 2a7b9438253..00000000000
--- a/kerberosIV/krb/base64.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* $OpenBSD: base64.c,v 1.2 1997/12/09 07:57:09 art Exp $ */
-/* $KTH: base64.c,v 1.1 1997/08/27 22:41:56 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static int pos(char c)
-{
- char *p;
- for(p = base64; *p; p++)
- if(*p == c)
- return p - base64;
- return -1;
-}
-
-int base64_encode(const void *data, int size, char **str)
-{
- char *s, *p;
- int i;
- int c;
- unsigned char *q;
-
- p = s = (char*)malloc(size*4/3+4);
- if (p == NULL || data == NULL || str == NULL)
- return -1;
-
- q = (unsigned char*)data;
- i=0;
- for(i = 0; i < size;){
- c=q[i++];
- c*=256;
- if(i < size)
- c+=q[i];
- i++;
- c*=256;
- if(i < size)
- c+=q[i];
- i++;
- p[0]=base64[(c&0x00fc0000) >> 18];
- p[1]=base64[(c&0x0003f000) >> 12];
- p[2]=base64[(c&0x00000fc0) >> 6];
- p[3]=base64[(c&0x0000003f) >> 0];
- if(i > size)
- p[3]='=';
- if(i > size+1)
- p[2]='=';
- p+=4;
- }
- *p=0;
- *str = s;
- return strlen(s);
-}
-
-int base64_decode(const char *str, void *data)
-{
- const char *p;
- unsigned char *q;
- int c;
- int x;
- int done = 0;
- q=(unsigned char*)data;
- for(p=str; *p && !done; p+=4){
- x = pos(p[0]);
- if(x >= 0)
- c = x;
- else{
- done = 3;
- break;
- }
- c*=64;
-
- x = pos(p[1]);
- if(x >= 0)
- c += x;
- else
- return -1;
- c*=64;
-
- if(p[2] == '=')
- done++;
- else{
- x = pos(p[2]);
- if(x >= 0)
- c += x;
- else
- return -1;
- }
- c*=64;
-
- if(p[3] == '=')
- done++;
- else{
- if(done)
- return -1;
- x = pos(p[3]);
- if(x >= 0)
- c += x;
- else
- return -1;
- }
- if(done < 3)
- *q++=(c&0x00ff0000)>>16;
-
- if(done < 2)
- *q++=(c&0x0000ff00)>>8;
- if(done < 1)
- *q++=(c&0x000000ff)>>0;
- }
- return q - (unsigned char*)data;
-}
diff --git a/kerberosIV/krb/check_time.c b/kerberosIV/krb/check_time.c
deleted file mode 100644
index ac5d9d8d0a0..00000000000
--- a/kerberosIV/krb/check_time.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* $OpenBSD: check_time.c,v 1.2 1997/12/09 07:57:10 art Exp $ */
-/* $KTH: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-int
-krb_check_tm (struct tm tm)
-{
- return tm.tm_mon < 0
- || tm.tm_mon > 11
- || tm.tm_hour < 0
- || tm.tm_hour > 23
- || tm.tm_min < 0
- || tm.tm_min > 59
- || tm.tm_sec < 0
- || tm.tm_sec > 59
- || tm.tm_year < 1901
- || tm.tm_year > 2038;
-}
diff --git a/kerberosIV/krb/cr_err_reply.c b/kerberosIV/krb/cr_err_reply.c
deleted file mode 100644
index ea95e8e4121..00000000000
--- a/kerberosIV/krb/cr_err_reply.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: cr_err_reply.c,v 1.3 1997/12/09 07:57:10 art Exp $ */
-/* $KTH: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine is used by the Kerberos authentication server to
- * create an error reply packet to send back to its client.
- *
- * It takes a pointer to the packet to be built, the name, instance,
- * and realm of the principal, the client's timestamp, an error code
- * and an error string as arguments. Its return value is undefined.
- *
- * The packet is built in the following format:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char req_ack_vno protocol version number
- *
- * unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned long e error code
- *
- * string e_string error text
- */
-
-void
-cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
- u_int32_t time_ws, u_int32_t e, char *e_string)
-{
- unsigned char *p = pkt->dat;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1);
-
- if (pname == NULL) pname = "";
- if (pinst == NULL) pinst = "";
- if (prealm == NULL) prealm = "";
-
- p += krb_put_nir(pname, pinst, prealm, p);
-
- p += krb_put_int(time_ws, p, 4);
-
- p += krb_put_int(e, p, 4);
-
- p += krb_put_string(e_string, p);
-
- pkt->length = p - pkt->dat;
-}
diff --git a/kerberosIV/krb/create_auth_reply.c b/kerberosIV/krb/create_auth_reply.c
deleted file mode 100644
index 0178ebaf897..00000000000
--- a/kerberosIV/krb/create_auth_reply.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $OpenBSD: create_auth_reply.c,v 1.4 1998/07/07 19:06:44 art Exp $ */
-/* $KTH: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine is called by the Kerberos authentication server
- * to create a reply to an authentication request. The routine
- * takes the user's name, instance, and realm, the client's
- * timestamp, the number of tickets, the user's key version
- * number and the ciphertext containing the tickets themselves.
- * It constructs a packet and returns a pointer to it.
- *
- * Notes: The packet returned by this routine is static. Thus, if you
- * intend to keep the result beyond the next call to this routine, you
- * must copy it elsewhere.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
- * [least significant HOST_BYTE_ORDER sender's (server's) byte
- * bit of above field] order
- *
- * string pname principal's name
- *
- * string pinst principal's instance
- *
- * string prealm principal's realm
- *
- * unsigned long time_ws client's timestamp
- *
- * unsigned char n number of tickets
- *
- * unsigned long x_date expiration date
- *
- * unsigned char kvno master key version
- *
- * short w_1 cipher length
- *
- * --- cipher->dat cipher data
- */
-
-KTEXT
-create_auth_reply(char *pname, /* Principal's name */
- char *pinst, /* Principal's instance */
- char *prealm, /* Principal's authentication domain */
- int32_t time_ws, /* Workstation time */
- int n, /* Number of tickets */
- u_int32_t x_date, /* Principal's expiration date */
- int kvno, /* Principal's key version number */
- KTEXT cipher) /* Cipher text with tickets and session keys */
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
-
- unsigned char *p = pkt->dat;
-
- if(n != 0)
- return NULL;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1);
-
- p += krb_put_nir(pname, pinst, prealm, p);
-
- p += krb_put_int(time_ws, p, 4);
-
- p += krb_put_int(n, p, 1);
-
- p += krb_put_int(x_date, p, 4);
-
- p += krb_put_int(kvno, p, 1);
-
- p += krb_put_int(cipher->length, p, 2);
-
- memcpy(p, cipher->dat, cipher->length);
- p += cipher->length;
-
- pkt->length = p - pkt->dat;
-
- return pkt;
-}
diff --git a/kerberosIV/krb/create_ciph.c b/kerberosIV/krb/create_ciph.c
deleted file mode 100644
index 65d9bbc0be4..00000000000
--- a/kerberosIV/krb/create_ciph.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* $OpenBSD: create_ciph.c,v 1.3 1997/12/09 07:57:11 art Exp $ */
-
-/* $KTH: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine is used by the authentication server to create
- * a packet for its client, containing a ticket for the requested
- * service (given in "tkt"), and some information about the ticket,
- *
- * Returns KSUCCESS no matter what.
- *
- * The length of the cipher is stored in c->length; the format of
- * c->dat is as follows:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- *
- * 8 bytes session session key for client, service
- *
- * string service service name
- *
- * string instance service instance
- *
- * string realm KDC realm
- *
- * unsigned char life ticket lifetime
- *
- * unsigned char kvno service key version number
- *
- * unsigned char tkt->length length of following ticket
- *
- * data tkt->dat ticket for service
- *
- * 4 bytes kdc_time KDC's timestamp
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-
-int
-create_ciph(KTEXT c, /* Text block to hold ciphertext */
- unsigned char *session, /* Session key to send to user */
- char *service, /* Service name on ticket */
- char *instance, /* Instance name on ticket */
- char *realm, /* Realm of this KDC */
- u_int32_t life, /* Lifetime of the ticket */
- int kvno, /* Key version number for service */
- KTEXT tkt, /* The ticket for the service */
- u_int32_t kdc_time, /* KDC time */
- des_cblock *key) /* Key to encrypt ciphertext with */
-
-{
- unsigned char *p = c->dat;
-
- memset(c, 0, sizeof(KTEXT_ST));
-
- memcpy(p, session, 8);
- p += 8;
-
- p += krb_put_nir(service, instance, realm, p);
-
- p += krb_put_int(life, p, 1);
- p += krb_put_int(kvno, p, 1);
-
- p += krb_put_int(tkt->length, p, 1);
-
- memcpy(p, tkt->dat, tkt->length);
- p += tkt->length;
-
- p += krb_put_int(kdc_time, p, 4);
-
- /* multiple of eight bytes */
- c->length = (p - c->dat + 7) & ~7;
-
- encrypt_ktext(c, key, DES_ENCRYPT);
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/create_death_packet.c b/kerberosIV/krb/create_death_packet.c
deleted file mode 100644
index fb1c54488d7..00000000000
--- a/kerberosIV/krb/create_death_packet.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* $OpenBSD: create_death_packet.c,v 1.3 1997/12/09 07:57:11 art Exp $ */
-/* $KTH: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine creates a packet to type AUTH_MSG_DIE which is sent to
- * the Kerberos server to make it shut down. It is used only in the
- * development environment.
- *
- * It takes a string "a_name" which is sent in the packet. A pointer
- * to the packet is returned.
- *
- * The format of the killer packet is:
- *
- * type variable data
- * or constant
- * ---- ----------- ----
- *
- * unsigned char KRB_PROT_VERSION protocol version number
- *
- * unsigned char AUTH_MSG_DIE message type
- *
- * [least significant HOST_BYTE_ORDER byte order of sender
- * bit of above field]
- *
- * string a_name presumably, name of
- * principal sending killer
- * packet
- */
-
-#ifdef DEBUG
-KTEXT
-krb_create_death_packet(char *a_name)
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st;
-
- unsigned char *p = pkt->dat;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_DIE, p, 1);
-
- p += krb_put_string(a_name, p);
- pkt->length = p - pkt->dat;
- return pkt;
-}
-#endif /* DEBUG */
diff --git a/kerberosIV/krb/create_ticket.c b/kerberosIV/krb/create_ticket.c
deleted file mode 100644
index 8c74a2a654a..00000000000
--- a/kerberosIV/krb/create_ticket.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* $OpenBSD: create_ticket.c,v 1.3 1997/12/09 07:57:12 art Exp $ */
-/* $KTH: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * Create ticket takes as arguments information that should be in a
- * ticket, and the KTEXT object in which the ticket should be
- * constructed. It then constructs a ticket and returns, leaving the
- * newly created ticket in tkt.
- * The length of the ticket is a multiple of
- * eight bytes and is in tkt->length.
- *
- * If the ticket is too long, the ticket will contain nulls.
- *
- * The corresponding routine to extract information from a ticket it
- * decomp_ticket. When changes are made to this routine, the
- * corresponding changes should also be made to that file.
- *
- * The packet is built in the following format:
- *
- * variable
- * type or constant data
- * ---- ----------- ----
- *
- * tkt->length length of ticket (multiple of 8 bytes)
- *
- * tkt->dat:
- *
- * unsigned char flags namely, HOST_BYTE_ORDER
- *
- * string pname client's name
- *
- * string pinstance client's instance
- *
- * string prealm client's realm
- *
- * 4 bytes paddress client's address
- *
- * 8 bytes session session key
- *
- * 1 byte life ticket lifetime
- *
- * 4 bytes time_sec KDC timestamp
- *
- * string sname service's name
- *
- * string sinstance service's instance
- *
- * <=7 bytes null null pad to 8 byte multiple
- *
- */
-
-int
-krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */
- unsigned char flags, /* Various Kerberos flags */
- char *pname, /* Principal's name */
- char *pinstance, /* Principal's instance */
- char *prealm, /* Principal's authentication domain */
- int32_t paddress, /* Net address of requesting entity */
- void *session, /* Session key inserted in ticket */
- int16_t life, /* Lifetime of the ticket */
- int32_t time_sec, /* Issue time and date */
- char *sname, /* Service Name */
- char *sinstance, /* Instance Name */
- des_cblock *key) /* Service's secret key */
-{
- unsigned char *p = tkt->dat;
-
- memset(tkt, 0, sizeof(KTEXT_ST));
-
- p += krb_put_int(flags, p, 1);
- p += krb_put_nir(pname, pinstance, prealm, p);
-
- p += krb_put_address(paddress, p);
-
- memcpy(p, session, 8);
- p += 8;
-
- p += krb_put_int(life, p, 1);
- p += krb_put_int(time_sec, p, 4);
-
- p += krb_put_nir(sname, sinstance, NULL, p);
-
- /* multiple of eight bytes */
- tkt->length = (p - tkt->dat + 7) & ~7;
-
- /* Check length of ticket */
- if (tkt->length > (sizeof(KTEXT_ST) - 7)) {
- memset(tkt->dat, 0, tkt->length);
- tkt->length = 0;
- return KFAILURE /* XXX */;
- }
-
- encrypt_ktext(tkt, key, DES_ENCRYPT);
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/debug_decl.c b/kerberosIV/krb/debug_decl.c
deleted file mode 100644
index 2f968657d6e..00000000000
--- a/kerberosIV/krb/debug_decl.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $OpenBSD: debug_decl.c,v 1.6 1998/07/07 19:06:45 art Exp $ */
-/* $KTH: debug_decl.c,v 1.7 1997/10/28 15:44:00 bg Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/* Declare global debugging variables. */
-
-int krb_ap_req_debug = 0;
-int krb_debug = 0;
-int krb_dns_debug = 0;
-
-int
-krb_enable_debug(void)
-{
- krb_ap_req_debug = krb_debug = krb_dns_debug = 1;
-}
diff --git a/kerberosIV/krb/decomp_ticket.c b/kerberosIV/krb/decomp_ticket.c
deleted file mode 100644
index fe7e99b2b2a..00000000000
--- a/kerberosIV/krb/decomp_ticket.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* $OpenBSD: decomp_ticket.c,v 1.5 1997/12/12 05:30:19 art Exp $ */
-/* $KTH: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine takes a ticket and pointers to the variables that
- * should be filled in based on the information in the ticket. It
- * fills in values for its arguments.
- *
- * The routine returns KFAILURE if any of the "pname", "pinstance",
- * or "prealm" fields is too big, otherwise it returns KSUCCESS.
- *
- * The corresponding routine to generate tickets is create_ticket.
- * When changes are made to this routine, the corresponding changes
- * should also be made to that file.
- *
- * See create_ticket.c for the format of the ticket packet.
- */
-
-int
-decomp_ticket(KTEXT tkt, /* The ticket to be decoded */
- unsigned char *flags, /* Kerberos ticket flags */
- char *pname, /* Authentication name */
- char *pinstance, /* Principal's instance */
- char *prealm, /* Principal's authentication domain */
- u_int32_t *paddress,/* Net address of entity requesting ticket */
- unsigned char *session, /* Session key inserted in ticket */
- int *life, /* Lifetime of the ticket */
- u_int32_t *time_sec, /* Issue time and date */
- char *sname, /* Service name */
- char *sinstance, /* Service instance */
- des_cblock *key, /* Service's secret key (to decrypt the ticket) */
- des_key_schedule schedule) /* The precomputed key schedule */
-
-{
- unsigned char *p = tkt->dat;
-
- int little_endian;
-
- des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat,
- tkt->length, schedule, key, DES_DECRYPT);
-
- tkt->mbz = 0;
-
- *flags = *p++;
-
- little_endian = *flags & 1;
-
- if(strlen((char*)p) > ANAME_SZ)
- return KFAILURE;
- p += krb_get_string(p, pname);
-
- if(strlen((char*)p) > INST_SZ)
- return KFAILURE;
- p += krb_get_string(p, pinstance);
-
- if(strlen((char*)p) > REALM_SZ)
- return KFAILURE;
- p += krb_get_string(p, prealm);
-
- if(tkt->length - (p - tkt->dat) < 8 + 1 + 4)
- return KFAILURE;
- p += krb_get_address(p, paddress);
-
- memcpy(session, p, 8);
- p += 8;
-
- *life = *p++;
-
- p += krb_get_int(p, time_sec, 4, little_endian);
-
- if(strlen((char*)p) > SNAME_SZ)
- return KFAILURE;
- p += krb_get_string(p, sname);
-
- if(strlen((char*)p) > INST_SZ)
- return KFAILURE;
- p += krb_get_string(p, sinstance);
-
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/dest_tkt.c b/kerberosIV/krb/dest_tkt.c
deleted file mode 100644
index 8a3a8f70308..00000000000
--- a/kerberosIV/krb/dest_tkt.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: dest_tkt.c,v 1.5 1998/02/25 15:51:06 art Exp $ */
-/* $KTH: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * dest_tkt() is used to destroy the ticket store upon logout.
- * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
- * Otherwise the function returns RET_OK on success, KFAILURE on
- * failure.
- *
- * The ticket file (TKT_FILE) is defined in "krb.h".
- */
-
-int
-dest_tkt(void)
-{
- char *file = TKT_FILE;
- int i,fd;
- struct stat statb;
- char buf[BUFSIZ];
-
- errno = 0;
- if (lstat(file, &statb) < 0)
- goto out;
-
- if (!(statb.st_mode & S_IFREG)
-#ifdef notdef
- || statb.st_mode & 077
-#endif
- )
- goto out;
-
- if ((fd = open(file, O_RDWR, 0)) < 0)
- goto out;
-
- memset(buf, 0, BUFSIZ);
-
- for (i = 0; i < statb.st_size; i += sizeof(buf))
- if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
- fsync(fd);
- close(fd);
- goto out;
- }
-
-
- fsync(fd);
- close(fd);
-
- unlink(file);
-
-out:
- if (errno == ENOENT) return RET_TKFIL;
- else if (errno != 0) return KFAILURE;
- return(KSUCCESS);
-}
diff --git a/kerberosIV/krb/encrypt_ktext.c b/kerberosIV/krb/encrypt_ktext.c
deleted file mode 100644
index 95d1348b0fc..00000000000
--- a/kerberosIV/krb/encrypt_ktext.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/* $OpenBSD: encrypt_ktext.c,v 1.2 1997/12/09 07:57:14 art Exp $ */
-/* $KTH: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-void
-encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt)
-{
- des_key_schedule schedule;
- des_set_key(key, schedule);
- des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat,
- cip->length, schedule, key, encrypt);
- memset(schedule, 0, sizeof(des_key_schedule));
-}
diff --git a/kerberosIV/krb/extra.c b/kerberosIV/krb/extra.c
deleted file mode 100644
index 8f86a63da3f..00000000000
--- a/kerberosIV/krb/extra.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* $OpenBSD: extra.c,v 1.1 1998/07/07 19:06:47 art Exp $ */
-/* $KTH: extra.c,v 1.4 1998/06/03 03:24:09 joda Exp $ */
-
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-struct value {
- char *variable;
- char *value;
- struct value *next;
-};
-
-static struct value *_extra_values;
-
-static int _krb_extra_read = 0;
-
-static int
-define_variable(const char *variable, const char *value)
-{
- struct value *e;
- e = malloc(sizeof(*e));
- if(e == NULL)
- return ENOMEM;
- e->variable = strdup(variable);
- if(e->variable == NULL) {
- free(e);
- return ENOMEM;
- }
- e->value = strdup(value);
- if(e->value == NULL) {
- free(e->variable);
- free(e);
- return ENOMEM;
- }
- e->next = _extra_values;
- _extra_values = e;
-}
-
-#ifndef WIN32
-
-struct obsolete {
- const char *from;
- const char *to;
-} obsolete [] = {
- { "KDC_TIMESYNC", "kdc_timesync" },
- { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
- { "krb4_proxy", "krb4_proxy"},
- { NULL, NULL }
-};
-
-static void
-check_obsolete(void)
-{
- struct obsolete *r;
- for(r = obsolete; r->from; r++) {
- if(getenv(r->from)) {
- krb_warning("The environment variable `%s' is obsolete;\n"
- "set `%s' in your `krb.extra' file instead\n",
- r->from, r->to);
- define_variable(r->to, getenv(r->from));
- }
- }
-}
-
-static int
-read_extra_file(void)
-{
- int i = 0;
- char file[128];
- char line[1024];
- if(_krb_extra_read)
- return 0;
- _krb_extra_read = 1;
- check_obsolete();
- while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
- FILE *f = fopen(file, "r");
- if(f == NULL)
- continue;
- while(fgets(line, sizeof(line), f)) {
- char *save = NULL;
- char *var, *tmp, *val;
-
- /* skip initial whitespace */
- var = line + strspn(line, " \t");
- /* skip non-whitespace */
- tmp = var + strcspn(var, " \t=");
- /* skip whitespace */
- val = tmp + strspn(tmp, " \t=");
- *tmp = '\0';
- tmp = val + strcspn(val, " \t\n");
- *tmp = '\0';
- if(*var == '\0' || *var == '#' || *val == '\0')
- continue;
- if(krb_debug)
- krb_warning("%s: setting `%s' to `%s'\n", file, var, val);
- define_variable(var, val);
- }
- fclose(f);
- return 0;
- }
- return ENOENT;
-}
-
-#else /* WIN32 */
-
-static int
-read_extra_file(void)
-{
- char name[1024], data[1024];
- DWORD name_sz, data_sz;
- DWORD type;
- int num = 0;
- HKEY reg_key;
-
- if(_krb_extra_read)
- return 0;
- _krb_extra_read = 1;
-
- if(RegCreateKey(HKEY_CURRENT_USER, "krb4", &reg_key) != 0)
- return -1;
-
-
- while(1) {
- name_sz = sizeof(name);
- data_sz = sizeof(data);
- if(RegEnumValue(reg_key,
- num++,
- name,
- &name_sz,
- NULL,
- &type,
- data,
- &data_sz) != 0)
- break;
- if(type == REG_SZ)
- define_variable(name, data);
- }
- RegCloseKey(reg_key);
- return 0;
-}
-
-#endif
-
-static const char*
-find_variable(const char *variable)
-{
- struct value *e;
- for(e = _extra_values; e; e = e->next) {
- if(strcasecmp(variable, e->variable) == 0)
- return e->value;
- }
- return NULL;
-}
-
-const char *
-krb_get_config_string(const char *variable)
-{
- read_extra_file();
- return find_variable(variable);
-}
-
-int
-krb_get_config_bool(const char *variable)
-{
- const char *value = krb_get_config_string(variable);
- if(value == NULL)
- return 0;
- return strcasecmp(value, "yes") == 0 ||
- strcasecmp(value, "true") == 0 ||
- atoi(value);
-}
diff --git a/kerberosIV/krb/get_ad_tkt.c b/kerberosIV/krb/get_ad_tkt.c
deleted file mode 100644
index 0308f2eae71..00000000000
--- a/kerberosIV/krb/get_ad_tkt.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* $OpenBSD: get_ad_tkt.c,v 1.6 1998/05/18 00:53:38 art Exp $ */
-/* $KTH: get_ad_tkt.c,v 1.18 1998/02/19 19:13:29 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * get_ad_tkt obtains a new service ticket from Kerberos, using
- * the ticket-granting ticket which must be in the ticket file.
- * It is typically called by krb_mk_req() when the client side
- * of an application is creating authentication information to be
- * sent to the server side.
- *
- * get_ad_tkt takes four arguments: three pointers to strings which
- * contain the name, instance, and realm of the service for which the
- * ticket is to be obtained; and an integer indicating the desired
- * lifetime of the ticket.
- *
- * It returns an error status if the ticket couldn't be obtained,
- * or AD_OK if all went well. The ticket is stored in the ticket
- * cache.
- *
- * The request sent to the Kerberos ticket-granting service looks
- * like this:
- *
- * pkt->dat
- *
- * TEXT original contents of authenticator+ticket
- * pkt->dat built in krb_mk_req call
- *
- * 4 bytes time_ws always 0 (?)
- * char lifetime lifetime argument passed
- * string service service name argument
- * string sinstance service instance arg.
- *
- * See "prot.h" for the reply packet layout and definitions of the
- * extraction macros like pkt_version(), pkt_msg_type(), etc.
- */
-
-int
-get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
-{
- static KTEXT_ST pkt_st;
- KTEXT pkt = & pkt_st; /* Packet to KDC */
- static KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Returned packet */
-
- CREDENTIALS cr;
- char lrealm[REALM_SZ];
- u_int32_t time_ws = 0;
- int kerror;
- unsigned char *p;
-
- /*
- * First check if we have a "real" TGT for the corresponding
- * realm, if we don't, use ordinary inter-realm authentication.
- */
-
- kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr);
- if (kerror == KSUCCESS) {
- strncpy(lrealm, realm, REALM_SZ);
- lrealm[REALM_SZ - 1] = '\0';
- } else
- kerror = krb_get_tf_realm(TKT_FILE, lrealm);
-
- if (kerror != KSUCCESS)
- return(kerror);
-
- /*
- * Look for the session key (and other stuff we don't need)
- * in the ticket file for krbtgt.realm@lrealm where "realm"
- * is the service's realm (passed in "realm" argument) and
- * lrealm is the realm of our initial ticket. If we don't
- * have this, we will try to get it.
- */
-
- if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
- realm, lrealm, &cr)) != KSUCCESS) {
- /*
- * If realm == lrealm, we have no hope, so let's not even try.
- */
- if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
- return(AD_NOTGT);
- else {
- if ((kerror =
- get_ad_tkt(KRB_TICKET_GRANTING_TICKET,
- realm, lrealm, lifetime)) != KSUCCESS) {
- if (kerror == KDC_PR_UNKNOWN)
- return(AD_INTR_RLM_NOTGT);
- else
- return(kerror);
- }
- if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
- realm, lrealm, &cr)) != KSUCCESS)
- return(kerror);
- }
- }
-
- /*
- * Make up a request packet to the "krbtgt.realm@lrealm".
- * Start by calling krb_mk_req() which puts ticket+authenticator
- * into "pkt". Then tack other stuff on the end.
- */
-
- kerror = krb_mk_req(pkt,
- KRB_TICKET_GRANTING_TICKET,
- realm,lrealm,0L);
-
- if (kerror)
- return(AD_NOTGT);
-
- p = pkt->dat + pkt->length;
-
- p += krb_put_int(time_ws, p, 4);
- p += krb_put_int(lifetime, p, 1);
- p += krb_put_nir(service, sinstance, NULL, p);
-
- pkt->length = p - pkt->dat;
- rpkt->length = 0;
-
- /* Send the request to the local ticket-granting server */
- if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
-
- /* check packet version of the returned packet */
-
- {
- KTEXT_ST cip;
- CREDENTIALS cred;
- struct timeval tv;
-
- kerror = kdc_reply_cipher(rpkt, &cip);
- if(kerror != KSUCCESS)
- return kerror;
-
- encrypt_ktext(&cip, &cr.session, DES_DECRYPT);
-
- kerror = kdc_reply_cred(&cip, &cred);
- if(kerror != KSUCCESS)
- return kerror;
-
- if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) ||
- strcmp(cred.realm, realm)) /* not what we asked for */
- return INTK_ERR; /* we need a better code here XXX */
-
- krb_kdctimeofday(&tv);
- if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
- return RD_AP_TIME; /* XXX should probably be better code */
- }
-
-
- kerror = save_credentials(cred.service, cred.instance, cred.realm,
- cred.session, cred.lifetime, cred.kvno,
- &cred.ticket_st, tv.tv_sec);
- return kerror;
- }
-}
diff --git a/kerberosIV/krb/get_cred.c b/kerberosIV/krb/get_cred.c
deleted file mode 100644
index 0cd6ef07fd9..00000000000
--- a/kerberosIV/krb/get_cred.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* $OpenBSD: get_cred.c,v 1.6 1998/05/17 23:21:55 art Exp $ */
-/* $KTH: get_cred.c,v 1.7 1997/12/15 17:12:55 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-
-#include "krb_locl.h"
-
-/*
- * krb_get_cred takes a service name, instance, and realm, and a
- * structure of type CREDENTIALS to be filled in with ticket
- * information. It then searches the ticket file for the appropriate
- * ticket and fills in the structure with the corresponding
- * information from the file. If successful, it returns KSUCCESS.
- * On failure it returns a Kerberos error code.
- */
-
-int
-krb_get_cred(char *service, /* Service name */
- char *instance, /* Instance */
- char *realm, /* Auth domain */
- CREDENTIALS *c) /* Credentials struct */
-{
- int tf_status; /* return value of tf function calls */
- CREDENTIALS cr;
-
- if (c == NULL)
- c = &cr;
-
- /* Open ticket file and lock it for shared reading */
- if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Copy principal's name and instance into the CREDENTIALS struc c */
-
- if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
- (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
- return (tf_status);
-
- /* Search for requested service credentials and copy into c */
-
- while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
- if ((strcmp(c->service,service) == 0) &&
- (strcmp(c->instance,instance) == 0) &&
- (strcmp(c->realm,realm) == 0))
- break;
- }
- tf_close();
-
- if (tf_status == EOF)
- return (GC_NOTKT);
- return(tf_status);
-}
diff --git a/kerberosIV/krb/get_default_principal.c b/kerberosIV/krb/get_default_principal.c
deleted file mode 100644
index a2569e306c2..00000000000
--- a/kerberosIV/krb/get_default_principal.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* $OpenBSD: get_default_principal.c,v 1.2 1997/12/09 07:57:16 art Exp $ */
-/* $KTH: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-int
-krb_get_default_principal(char *name, char *instance, char *realm)
-{
- char *file;
- int ret;
-
- char *p;
-
- if ((file = getenv("KRBTKFILE")) == NULL)
- file = TKT_FILE;
-
- ret = krb_get_tf_fullname(file, name, instance, realm);
- if(ret == KSUCCESS)
- return 0;
-
- p = getenv("KRB4PRINCIPAL");
- if(p && kname_parse(name, instance, realm, p) == KSUCCESS)
- return 1;
-
- {
- struct passwd *pw;
- pw = getpwuid(getuid());
- if(pw == NULL){
- return -1;
- }
-
- strncpy(name, pw->pw_name, ANAME_SZ);
- name[ANAME_SZ-1] = '\0';
- strncpy(instance, "", 2);
- krb_get_lrealm(realm, 1);
-
- if(strcmp(name, "root") == 0){
- p = NULL;
- p = getlogin();
- if(p == NULL)
- p = getenv("USER");
- if(p == NULL)
- p = getenv("LOGNAME");
- if(p){
- strncpy (name, p, ANAME_SZ);
- name[ANAME_SZ - 1] = '\0';
- strncpy(instance, "root", 5);
- }
- }
- return 1;
- }
- return -1;
-}
diff --git a/kerberosIV/krb/get_host.c b/kerberosIV/krb/get_host.c
deleted file mode 100644
index 6b6e91b3bfc..00000000000
--- a/kerberosIV/krb/get_host.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/* $OpenBSD: get_host.c,v 1.9 1998/07/07 19:06:47 art Exp $ */
-/* $KTH: get_host.c,v 1.37 1998/01/17 00:05:47 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static struct host_list {
- struct krb_host *this;
- struct host_list *next;
-} *hosts;
-
-static int krb_port = 0;
-
-static void
-free_hosts(struct host_list *h)
-{
- struct host_list *t;
- while(h){
- if(h->this->realm != NULL)
- {
- free(h->this->realm);
- h->this->realm = NULL;
- }
- if(h->this->host != NULL)
- {
- free(h->this->host);
- h->this->host = NULL;
- }
- t = h;
- h = h->next;
- free(t);
- t=NULL;
- }
-}
-
-static int
-parse_address(char *address, enum krb_host_proto *proto,
- char **host, int *port)
-{
- char *p, *q;
- int default_port = krb_port;
-
- if (proto == NULL || address == NULL || port == NULL || host == NULL)
- return -1;
-
- *proto = PROTO_UDP;
- if(strncmp(address, "http://", 7) == 0){
- p = address + 7;
- *proto = PROTO_HTTP;
- default_port = 80;
- }else{
- p = strchr(address, '/');
- if(p){
- char prot[32];
-
- strncpy(prot, address, MIN(p - address, 32));
- prot[ MIN(p - address, 32-1) ] = '\0';
- if(strcasecmp(prot, "udp") == 0)
- *proto = PROTO_UDP;
- else if(strcasecmp(prot, "tcp") == 0)
- *proto = PROTO_TCP;
- else if(strcasecmp(prot, "http") == 0) {
- *proto = PROTO_HTTP;
- default_port = 80;
- } else
- krb_warning("Unknown protocol `%s', Using default `udp'.\n",
- prot);
- p++;
- }else
- p = address;
- }
- q = strchr(p, ':');
- if(q != NULL){
- *host = (char*)malloc(q - p + 1);
- if (*host == NULL)
- return -1;
- strncpy(*host, p, q - p);
- (*host)[q - p] = '\0';
- q++;
- {
- struct servent *sp = getservbyname(q, NULL);
- if(sp)
- *port = ntohs(sp->s_port);
- else
- if(sscanf(q, "%d", port) != 1){
- krb_warning("Bad port specification `%s', using port %d.",
- q, krb_port);
- *port = krb_port;
- }
- }
- }else{
- *host = strdup(p);
- if(*host == NULL)
- return -1;
- *port = default_port;
- }
- return 0;
-}
-
-static int
-add_host(char *realm, char *address, int admin, int validate)
-{
- struct krb_host *host;
- struct host_list *p, **last = &hosts;
-
- host = (struct krb_host*)malloc(sizeof(struct krb_host));
- if (host == NULL)
- return 1;
- if(parse_address(address, &host->proto, &host->host, &host->port) < 0)
- return 1;
- if (validate) {
- if (krb_dns_debug)
- krb_warning("Getting host entry for %s...", host->host);
- if(gethostbyname(host->host) == NULL) {
- if (krb_dns_debug)
- krb_warning("Didn't get it.\n");
- free(host->host);
- host->host = NULL;
- free(host);
- host = NULL;
- return 1;
- } else if (krb_dns_debug)
- krb_warning("Got it.\n");
- }
- host->admin = admin;
- for(p = hosts; p; p = p->next){
- if(strcmp(realm, p->this->realm) == 0 &&
- strcmp(host->host, p->this->host) == 0 &&
- host->proto == p->this->proto &&
- host->port == p->this->port){
- free(host->host);
- host->host = NULL;
- free(host);
- host = NULL;
- return 1;
- }
- last = &p->next;
- }
- host->realm = strdup(realm);
- if (host->realm == NULL) {
- free(host->host);
- host->host = NULL;
- free(host);
- host = NULL;
- return 1;
- }
- p = (struct host_list*)malloc(sizeof(struct host_list));
- if (p == NULL) {
- free(host->realm);
- host->realm = NULL;
- free(host->host);
- host->host = NULL;
- free(host);
- host = NULL;
- return 1;
- }
- p->this = host;
- p->next = NULL;
- *last = p;
- return 0;
- }
-
-
-static int
-read_file(const char *filename, const char *r)
-{
- char line[1024];
- char realm[1024];
- char address[1024];
- char scratch[1024];
- int n;
- int nhosts = 0;
- FILE *f;
-
- if (filename == NULL)
- return -1;
-
- f = fopen(filename, "r");
- if(f == NULL)
- return -1;
- while(fgets(line, sizeof(line), f) != NULL) {
- char *format = NULL;
-
- asprintf(&format, "%%%ds %%%ds admin %%%ds", sizeof(realm) - 1,
- sizeof(address) - 1, sizeof(scratch) - 1);
- if (format == NULL) {
- fclose(f);
- return -1;
- }
- n = sscanf(line, format, realm, address, scratch);
- free(format);
- format = NULL;
- if(n == 2 || n == 3){
- if(strcmp(realm, r))
- continue;
- if(add_host(realm, address, n == 3, 0) == 0)
- nhosts++;
- }
- }
- fclose(f);
- return nhosts;
-}
-
-static int
-init_hosts(char *realm)
-{
- int i;
- char file[MAXPATHLEN];
-
- krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT)));
- for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
- read_file(file, realm);
- return 0;
-}
-
-static void
-srv_find_realm(char *realm, char *proto, char *service)
-{
- char *domain;
- struct dns_reply *r;
- struct resource_record *rr;
-
- if (proto == NULL || realm == NULL || service == NULL)
- return;
-
- k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL);
-
- if(domain == NULL)
- return;
-
- r = dns_lookup(domain, "srv");
- if(r == NULL)
- r = dns_lookup(domain, "txt");
- if(r == NULL){
- free(domain);
- domain = NULL;
- return;
- }
- for(rr = r->head; rr; rr = rr->next){
- if(rr->type == T_SRV){
- char buf[1024];
-
- if (snprintf (buf,
- sizeof(buf),
- "%s/%s:%u",
- proto,
- rr->u.srv->target,
- rr->u.srv->port) < sizeof(buf))
- add_host(realm, buf, 0, 0);
- }else if(rr->type == T_TXT)
- add_host(realm, rr->u.txt, 0, 0);
- }
- dns_free_data(r);
- free(domain);
- domain = NULL;
-}
-
-struct krb_host*
-krb_get_host(int nth, char *realm, int admin)
-{
- struct host_list *p;
- static char orealm[REALM_SZ];
- if(orealm[0] == 0 || strcmp(realm, orealm)){
- /* quick optimization */
- if(realm && realm[0]){
- strncpy(orealm, realm, sizeof(orealm) - 1);
- orealm[sizeof(orealm) - 1] = '\0';
- }else{
- int ret = krb_get_lrealm(orealm, 1);
- if(ret != KSUCCESS)
- return NULL;
- }
-
- if(hosts){
- free_hosts(hosts);
- hosts = NULL;
- }
-
- init_hosts(orealm);
-
- srv_find_realm(orealm, "udp", KRB_SERVICE);
- srv_find_realm(orealm, "tcp", KRB_SERVICE);
- srv_find_realm(orealm, "http", KRB_SERVICE);
-
- {
- /* XXX this assumes no one has more than 99999 kerberos
- servers */
- char host[REALM_SZ + sizeof("kerberos-XXXXX..")];
- int i = 0;
- snprintf(host, sizeof(host), "kerberos.%s.", orealm);
- add_host(orealm, host, 1, 1);
- do{
- i++;
- sprintf(host, "kerberos-%d.%s.", i, orealm);
- }while(i < 100000 && add_host(orealm, host, 0, 1) == 0);
- }
- }
-
- for(p = hosts; p; p = p->next){
- if(strcmp(orealm, p->this->realm) == 0 &&
- (!admin || p->this->admin)) {
- if(nth == 1)
- return p->this;
- else
- nth--;
- }
- }
- return NULL;
-}
-
-int
-krb_get_krbhst(char *host, char *realm, int nth)
-{
- struct krb_host *p = krb_get_host(nth, realm, 0);
- if(p == NULL)
- return KFAILURE;
- strncpy(host, p->host, MAXHOSTNAMELEN);
- host[MAXHOSTNAMELEN-1] = '\0';
- return KSUCCESS;
-}
-
-int
-krb_get_admhst(char *host, char *realm, int nth)
-{
- struct krb_host *p = krb_get_host(nth, realm, 1);
- if(p == NULL)
- return KFAILURE;
- strncpy(host, p->host, MAXHOSTNAMELEN);
- host[MAXHOSTNAMELEN-1] = '\0';
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/get_in_tkt.c b/kerberosIV/krb/get_in_tkt.c
deleted file mode 100644
index 8c27528e521..00000000000
--- a/kerberosIV/krb/get_in_tkt.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/* $OpenBSD: get_in_tkt.c,v 1.10 1998/07/07 19:06:49 art Exp $ */
-/* $KTH: get_in_tkt.c,v 1.19 1997/10/03 21:51:42 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This file contains three routines: passwd_to_key() and
- * passwd_to_afskey() converts a password into a DES key, using the
- * normal strinttokey and the AFS one, respectively, and
- * krb_get_pw_in_tkt() gets an initial ticket for a user.
- */
-
-/*
- * passwd_to_key() and passwd_to_afskey: given a password, return a DES key.
- */
-
-int
-passwd_to_key(char *user, char *instance, char *realm, void *passwd,
- des_cblock *key)
-{
-#ifndef NOENCRYPTION
- des_string_to_key((char *)passwd, key);
-#endif
- return 0;
-}
-
-int
-passwd_to_5key(char *user, char *instance, char *realm, void *passwd,
- des_cblock *key)
-{
- char *p;
- size_t len;
- len = k_mconcat (&p, 512, passwd, realm, user, instance, NULL);
- if(len == 0)
- return -1;
- des_string_to_key(p, key);
- memset(p, 0, len);
- free(p);
- p = NULL;
- return 0;
-}
-
-
-int
-passwd_to_afskey(char *user, char *instance, char *realm, void *passwd,
- des_cblock *key)
-{
-#ifndef NOENCRYPTION
- afs_string_to_key((char *)passwd, realm, key);
-#endif
- return (0);
-}
-
-/*
- * krb_get_pw_in_tkt() takes the name of the server for which the initial
- * ticket is to be obtained, the name of the principal the ticket is
- * for, the desired lifetime of the ticket, and the user's password.
- * It passes its arguments on to krb_get_in_tkt(), which contacts
- * Kerberos to get the ticket, decrypts it using the password provided,
- * and stores it away for future use.
- *
- * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
- * the name of a routine (passwd_to_key()) to be used to get the
- * password in case the "password" argument is null and NULL for the
- * decryption procedure indicating that krb_get_in_tkt should use the
- * default method of decrypting the response from the KDC.
- *
- * The result of the call to krb_get_in_tkt() is returned.
- */
-
-int
-krb_get_pw_in_tkt2(char *user, char *instance, char *realm, char *service,
- char *sinstance, int life, char *password, des_cblock *key)
-{
- char pword[100]; /* storage for the password */
- int code;
-
- /* Only request password once! */
- if (password == NULL) {
- if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){
- memset(pword, 0, sizeof(pword));
- return INTK_BADPW;
- }
- password = pword;
- }
-
- {
- KTEXT_ST as_rep;
- CREDENTIALS cred;
- int ret = 0;
- key_proc_t key_procs[] = { passwd_to_key, passwd_to_afskey,
- passwd_to_5key, NULL };
- key_proc_t *kp;
-
- code = krb_mk_as_req(user, instance, realm,
- service, sinstance, life, &as_rep);
- if(code)
- return code;
- for(kp = key_procs; *kp; kp++){
- KTEXT_ST tmp;
- memcpy(&tmp, &as_rep, sizeof(as_rep));
- code = krb_decode_as_rep(user, instance, realm, service, sinstance,
- *kp, NULL, password, &tmp, &cred);
- if(code == 0){
- if(key)
- (**kp)(user, instance, realm, password, key);
- break;
- }
- if(code != INTK_BADPW)
- ret = code; /* this is probably a better code than
- what code gets after this loop */
- }
- if(code)
- return ret ? ret : code;
-
- code = tf_setup(&cred, user, instance);
- }
- if (password == pword)
- memset(pword, 0, sizeof(pword));
- return(code);
-}
-
-int
-krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service,
- char *sinstance, int life, char *password)
-{
- return krb_get_pw_in_tkt2(user, instance, realm,
- service, sinstance, life, password, NULL);
-}
diff --git a/kerberosIV/krb/get_krbrlm.c b/kerberosIV/krb/get_krbrlm.c
deleted file mode 100644
index 5af27ca2dc6..00000000000
--- a/kerberosIV/krb/get_krbrlm.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* $OpenBSD: get_krbrlm.c,v 1.15 1998/05/18 00:53:41 art Exp $ */
-/* $KTH: get_krbrlm.c,v 1.20 1998/03/18 13:46:51 bg Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * krb_get_lrealm takes a pointer to a string, and a number, n. It fills
- * in the string, r, with the name of the nth realm specified on the
- * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
- *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- *
- * For the format of the KRB_CONF file, see comments describing the routine
- * krb_get_krbhst().
- */
-
-static int
-krb_get_lrealm_f(char *r, int n, const char *fname)
-{
- FILE *f;
- int ret = KFAILURE;
- f = fopen(fname, "r");
- if(f){
- char buf[REALM_SZ];
- if(fgets(buf, sizeof(buf), f)){
- char *p = buf + strspn(buf, " \t");
- p[strcspn(p, " \t\r\n")] = 0;
- p[REALM_SZ - 1] = 0;
- strncpy(r, p, REALM_SZ);
- r[REALM_SZ-1] = '\0';
- if (*p != '#')
- ret = KSUCCESS;
- }
- fclose(f);
- }
- return ret;
-}
-
-static const char *no_default_realm = "NO.DEFAULT.REALM";
-
-int
-krb_get_lrealm(char *r, int n)
-{
- int i;
- char file[MAXPATHLEN];
-
- if (n > 1)
- return(KFAILURE); /* Temporary restriction */
-
- r[0] = '#';
-
- for (i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
- if (krb_get_lrealm_f(r, n, file) == KSUCCESS)
- return KSUCCESS;
-
- if (r[0] == '#')
- return(KFAILURE);
-
- /* When nothing else works try default realm */
- if (n == 1) {
- char *t = krb_get_default_realm();
-
- if (strcmp(t, no_default_realm) == 0)
- return KFAILURE;
-
- strncpy (r, t, REALM_SZ - 1);
- r[REALM_SZ - 1] = '\0';
-
- return KSUCCESS;
- }
- else
- return(KFAILURE);
-}
-
-/* For SunOS5 compat. */
-char *
-krb_get_default_realm(void)
-{
- static char local_realm[REALM_SZ]; /* Local kerberos realm */
-
- if (local_realm[0] == 0)
- {
- char *t, hostname[MAXHOSTNAMELEN];
-
- strncpy(local_realm, no_default_realm, sizeof(local_realm) - 1);
- local_realm[sizeof(local_realm) - 1] = '\0';
-
- gethostname(hostname, sizeof(hostname));
- t = krb_realmofhost(hostname);
- if (t && strcmp(t, no_default_realm) != 0) {
- strncpy(local_realm, t, sizeof(local_realm) - 1);
- local_realm[sizeof(local_realm) - 1] = '\0';
- }
- }
-
- return local_realm;
-}
diff --git a/kerberosIV/krb/get_svc_in_tkt.c b/kerberosIV/krb/get_svc_in_tkt.c
deleted file mode 100644
index 0a88d52b4ca..00000000000
--- a/kerberosIV/krb/get_svc_in_tkt.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: get_svc_in_tkt.c,v 1.5 1998/02/25 15:51:11 art Exp $ */
-/* $KTH: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This file contains two routines: srvtab_to_key(), which gets
- * a server's key from a srvtab file, and krb_get_svc_in_tkt() which
- * gets an initial ticket for a server.
- */
-
-/*
- * srvtab_to_key(): given a "srvtab" file (where the keys for the
- * service on a host are stored), return the private key of the
- * given service (user.instance@realm).
- *
- * srvtab_to_key() passes its arguments on to read_service_key(),
- * plus one additional argument, the key version number.
- * (Currently, the key version number is always 0; this value
- * is treated as a wildcard by read_service_key().)
- *
- * If the "srvtab" argument is null, KEYFILE (defined in "krb.h")
- * is passed in its place.
- *
- * It returns the return value of the read_service_key() call.
- * The service key is placed in "key".
- */
-
-int
-srvtab_to_key(char *user, char *instance, char *realm, void *srvtab,
- des_cblock *key)
-{
- if (!srvtab)
- srvtab = KEYFILE;
-
- return(read_service_key(user, instance, realm, 0, (char *)srvtab,
- (char *)key));
-}
-
-/*
- * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
- * plus two additional arguments: a pointer to the srvtab_to_key()
- * function to be used to get the key from the key file and a NULL
- * for the decryption procedure indicating that krb_get_in_tkt should
- * use the default method of decrypting the response from the KDC.
- *
- * It returns the return value of the krb_get_in_tkt() call.
- */
-
-int
-krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service,
- char *sinstance, int life, char *srvtab)
-{
- return(krb_get_in_tkt(user, instance, realm, service, sinstance,
- life, srvtab_to_key, NULL, srvtab));
-}
diff --git a/kerberosIV/krb/get_tf_fullname.c b/kerberosIV/krb/get_tf_fullname.c
deleted file mode 100644
index bf2187e079f..00000000000
--- a/kerberosIV/krb/get_tf_fullname.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: get_tf_fullname.c,v 1.6 1998/02/25 15:51:13 art Exp $ */
-/* $KTH: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This file contains a routine to extract the fullname of a user
- * from the ticket file.
- */
-
-/*
- * krb_get_tf_fullname() takes four arguments: the name of the
- * ticket file, and variables for name, instance, and realm to be
- * returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the the first ticket in
- * the file as this is the one that was obtained with a password by
- * krb_get_in_tkt().
- */
-
-int
-krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm)
-{
- int tf_status;
- CREDENTIALS c;
-
- if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
- ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
- return (tf_status);
-
- if (name != NULL){
- strncpy(name, c.pname, ANAME_SZ);
- name[ANAME_SZ-1] = '\0';
- }
- if (instance != NULL){
- strncpy(instance, c.pinst, INST_SZ);
- instance[INST_SZ-1] = '\0';
- }
- if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
- if (realm != NULL){
- strncpy(realm, c.realm, REALM_SZ);
- realm[REALM_SZ-1] = '\0';
- }
- }
- else {
- if (tf_status == EOF)
- return(KFAILURE);
- else
- return(tf_status);
- }
- tf_close();
-
- return(tf_status);
-}
diff --git a/kerberosIV/krb/get_tf_realm.c b/kerberosIV/krb/get_tf_realm.c
deleted file mode 100644
index 4940cc49ebc..00000000000
--- a/kerberosIV/krb/get_tf_realm.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* $OpenBSD: get_tf_realm.c,v 1.5 1998/02/25 15:51:14 art Exp $ */
-/* $KTH: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This file contains a routine to extract the realm of a kerberos
- * ticket file.
- */
-
-/*
- * krb_get_tf_realm() takes two arguments: the name of a ticket
- * and a variable to store the name of the realm in.
- *
- */
-
-int
-krb_get_tf_realm(char *ticket_file, char *realm)
-{
- return(krb_get_tf_fullname(ticket_file, 0, 0, realm));
-}
diff --git a/kerberosIV/krb/getaddrs.c b/kerberosIV/krb/getaddrs.c
deleted file mode 100644
index 90a2a9b0d62..00000000000
--- a/kerberosIV/krb/getaddrs.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* $OpenBSD: getaddrs.c,v 1.9 1998/08/16 20:48:37 art Exp $ */
-/* $KTH: getaddrs.c,v 1.24 1998/04/26 15:10:44 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-#include <sys/ioctl.h>
-#include <net/if.h>
-#include <sys/sockio.h>
-
-#include <err.h>
-
-#ifndef MAX
-#define MAX(a,b) (((a)>(b))?(a):(b))
-#endif /* MAX */
-
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif /* MIN */
-
-/*
- * Return number and list of all local adresses.
- */
-
-int
-k_get_all_addrs (struct in_addr **l)
-{
- int fd;
- char buf[BUFSIZ];
- struct ifreq ifreq;
- struct ifconf ifconf;
- int num, j;
- char *p;
- size_t sz;
-
- if (l == NULL)
- return -1;
-
- fd = socket(AF_INET, SOCK_DGRAM, 0);
- if (fd < 0)
- return -1;
-
- ifconf.ifc_len = sizeof(buf);
- ifconf.ifc_buf = buf;
- if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
- return -1;
-
- num = ifconf.ifc_len / sizeof(struct ifreq);
- *l = malloc(num * sizeof(struct in_addr));
- if(*l == NULL) {
- close(fd);
- return -1;
- }
-
- j = 0;
- ifreq.ifr_name[0] = '\0';
- for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len; p += sz) {
- struct ifreq *ifr = (struct ifreq *)p;
- sz = sizeof(*ifr);
- sz = MAX(sz, sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len);
-
- if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) {
- if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0)
- continue;
- if (ifr->ifr_flags & IFF_UP) {
- if(ioctl(fd, SIOCGIFADDR, ifr) < 0)
- continue;
- (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
- }
- ifreq = *ifr;
- }
- }
- if (j != num) {
- struct in_addr *temp;
- if ((temp = realloc (*l, j * sizeof(struct in_addr))) == NULL) {
- free(*l);
- close(fd);
- return -1;
- }
- *l = temp;
- }
-
- close(fd);
- return j;
-}
diff --git a/kerberosIV/krb/getfile.c b/kerberosIV/krb/getfile.c
deleted file mode 100644
index 8ab20c0b5f1..00000000000
--- a/kerberosIV/krb/getfile.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* $OpenBSD: getfile.c,v 1.3 1998/07/07 19:06:51 art Exp $ */
-/* $KTH: getfile.c,v 1.2 1998/04/04 17:56:35 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static int
-get_file(const char **files, int num, const char *file, char *buf, size_t len)
-{
- const char *p, **q;
- int i = 0;
- if(!issetugid() && (p = getenv("KRBCONFDIR"))){
- if(num == i){
- snprintf(buf, len, "%s/%s", p, file);
- return 0;
- }
- i++;
- }
- for(q = files; *q != NULL; q++, i++){
- if(num == i){
- snprintf(buf, len, "%s", *q);
- return 0;
- }
- }
- return -1;
-}
-
-int
-krb_get_krbconf(int num, char *buf, size_t len)
-{
- const char *files[] = KRB_CNF_FILES;
- return get_file(files, num, "krb.conf", buf, len);
-}
-
-int
-krb_get_krbrealms(int num, char *buf, size_t len)
-{
- const char *files[] = KRB_RLM_FILES;
- return get_file(files, num, "krb.realms", buf, len);
-}
-
-int
-krb_get_krbextra(int num, char *buf, size_t len)
-{
- const char *files[] = { "/etc/kerberosIV/krb.extra", "/etc/krb.extra",
- NULL };
- return get_file(files, num, "krb.extra", buf, len);
-}
diff --git a/kerberosIV/krb/getrealm.c b/kerberosIV/krb/getrealm.c
deleted file mode 100644
index 2eecd2177dd..00000000000
--- a/kerberosIV/krb/getrealm.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/* $OpenBSD: getrealm.c,v 1.11 1998/05/18 00:53:44 art Exp $ */
-/* $KTH: getrealm.c,v 1.26 1997/10/08 22:51:13 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-#define MATCH_SUBDOMAINS 0
-
-/*
- * krb_realmofhost.
- * Given a fully-qualified domain-style primary host name,
- * return the name of the Kerberos realm for the host.
- * If the hostname contains no discernable domain, or an error occurs,
- * return the local realm name, as supplied by get_krbrlm().
- * If the hostname contains a domain, but no translation is found,
- * the hostname's domain is converted to upper-case and returned.
- *
- * The format of each line of the translation file is:
- * domain_name kerberos_realm
- * -or-
- * host_name kerberos_realm
- *
- * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU)
- * host names should be in the usual form (e.g. FOO.BAR.BAZ)
- */
-
-/* To automagically find the correct realm of a host (without
- * krb.realms) add a text record for your domain with the name of your
- * realm, like this:
- *
- * krb4-realm IN TXT FOO.SE
- *
- * The search is recursive, so you can also add entries for specific
- * hosts. To find the realm of host a.b.c, it first tries
- * krb4-realm.a.b.c, then krb4-realm.b.c and so on.
- */
-
-static int
-dns_find_realm(char *hostname, char *realm)
-{
- char domain[MAXHOSTNAMELEN + sizeof("krb4-realm..")];
- char *p;
- int level = 0;
- struct dns_reply *r;
-
- p = hostname;
-
- while(1){
- snprintf(domain, sizeof(domain), "krb4-realm.%s.", p);
- p = strchr(p, '.');
- if(p == NULL)
- break;
- p++;
- r = dns_lookup(domain, "TXT");
- if(r){
- struct resource_record *rr = r->head;
- while(rr){
- if(rr->type == T_TXT){
- strncpy(realm, rr->u.txt, REALM_SZ);
- realm[REALM_SZ - 1] = 0;
- dns_free_data(r);
- return level;
- }
- rr = rr->next;
- }
- dns_free_data(r);
- }
- level++;
- }
- return -1;
-}
-
-
-static FILE *
-open_krb_realms(void)
-{
- int i;
- char file[MAXPATHLEN];
- FILE *res;
-
- for(i = 0; krb_get_krbrealms(i, file, sizeof(file)) == 0; i++)
- if ((res = fopen(file, "r")) != NULL)
- return res;
-
- return NULL;
-}
-
-static int
-file_find_realm(const char *phost, const char *domain,
- char *ret_realm, size_t ret_realm_sz)
-{
- FILE *trans_file;
- char buf[1024];
- int ret = -1;
-
- if ((trans_file = open_krb_realms()) == NULL)
- return -1;
-
- while (fgets(buf, sizeof(buf), trans_file) != NULL) {
- char *save = NULL;
- char *tok;
- char *tmp_host;
- char *tmp_realm;
-
- tok = strtok_r(buf, " \t\r\n", &save);
- if(tok == NULL)
- continue;
- tmp_host = tok;
- tok = strtok_r(NULL, " \t\r\n", &save);
- if(tok == NULL)
- continue;
- tmp_realm = tok;
- if (strcasecmp(tmp_host, phost) == 0) {
- /* exact match of hostname, so return the realm */
- strncpy(ret_realm, tmp_realm, ret_realm_sz);
- ret_realm[ret_realm_sz - 1] = '\0';
- ret = 0;
- break;
- }
- if ((tmp_host[0] == '.') && domain) {
- const char *cp = domain;
- do {
- if(strcasecmp(tmp_host, domain) == 0){
- /* domain match, save for later */
- strncpy(ret_realm, tmp_realm, ret_realm_sz);
- ret_realm[ret_realm_sz - 1] = '\0';
- ret = 0;
- break;
- }
- cp = strchr(cp + 1, '.');
- } while(MATCH_SUBDOMAINS && cp);
- }
- }
- fclose(trans_file);
- return ret;
-}
-
-char *
-krb_realmofhost(const char *host)
-{
- static char ret_realm[REALM_SZ];
- char *domain;
- char phost[MAXHOSTNAMELEN];
-
- krb_name_to_name(host, phost, sizeof(phost));
-
- domain = strchr(phost, '.');
-
- if(file_find_realm(phost, domain, ret_realm, sizeof(ret_realm)) == 0)
- return ret_realm;
-
- if(dns_find_realm(phost, ret_realm) >= 0)
- return ret_realm;
-
- if (domain) {
- char *cp;
-
- strncpy(ret_realm, &domain[1], REALM_SZ);
- ret_realm[REALM_SZ - 1] = 0;
- /* Upper-case realm */
- for (cp = ret_realm; *cp; cp++)
- *cp = toupper(*cp);
- } else {
- strncpy(ret_realm, krb_get_default_realm(), REALM_SZ); /* Wild guess */
- }
- return ret_realm;
-}
diff --git a/kerberosIV/krb/getst.c b/kerberosIV/krb/getst.c
deleted file mode 100644
index eabc891386f..00000000000
--- a/kerberosIV/krb/getst.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* $OpenBSD: getst.c,v 1.5 1998/02/25 15:51:16 art Exp $ */
-/* $KTH: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * getst() takes a file descriptor, a string and a count. It reads
- * from the file until either it has read "count" characters, or until
- * it reads a null byte. When finished, what has been read exists in
- * the given string "s". If "count" characters were actually read, the
- * last is changed to a null, so the returned string is always null-
- * terminated. getst() returns the number of characters read, including
- * the null terminator.
- */
-
-int
-getst(int fd, char *s, int n)
-{
- int count = n;
- while (read(fd, s, 1) > 0 && --count)
- if (*s++ == '\0')
- return (n - count);
- *s = '\0';
- return (n - count);
-}
diff --git a/kerberosIV/krb/k_concat.c b/kerberosIV/krb/k_concat.c
deleted file mode 100644
index 341bc19d71d..00000000000
--- a/kerberosIV/krb/k_concat.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: k_concat.c,v 1.2 1997/12/09 07:57:20 art Exp $ */
-/* $KTH: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-int
-k_concat (char *s, size_t len, ...)
-{
- int ret;
- va_list args;
-
- va_start(args, len);
- ret = k_vconcat (s, len, args);
- va_end(args);
- return ret;
-}
-
-int
-k_vconcat (char *s, size_t len, va_list args)
-{
- const char *a;
-
- while ((a = va_arg(args, const char*))) {
- size_t n = strlen (a);
-
- if (n >= len)
- return -1;
- strncpy (s, a, n);
- s += n;
- len -= n;
- }
- *s = '\0';
- return 0;
-}
-
-size_t
-k_vmconcat (char **s, size_t max_len, va_list args)
-{
- const char *a;
- char *p, *q;
- size_t len = 0;
- *s = NULL;
- p = malloc(1);
- if(p == NULL)
- return 0;
- *p = 0;
- len = 1;
- while ((a = va_arg(args, const char*))) {
- size_t n = strlen (a);
-
- if(max_len && len + n > max_len){
- free(p);
- p = NULL;
- return 0;
- }
- q = realloc(p, len + n);
- if(q == NULL){
- free(p);
- p = NULL;
- return 0;
- }
- p = q;
- len += n;
- strcat(p, a);
- }
- *s = p;
- return len;
-}
-
-size_t
-k_mconcat (char **s, size_t max_len, ...)
-{
- int ret;
- va_list args;
-
- va_start(args, max_len);
- ret = k_vmconcat (s, max_len, args);
- va_end(args);
- return ret;
-}
diff --git a/kerberosIV/krb/k_getport.c b/kerberosIV/krb/k_getport.c
deleted file mode 100644
index a1f691f2155..00000000000
--- a/kerberosIV/krb/k_getport.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* $OpenBSD: k_getport.c,v 1.2 1997/12/09 07:57:21 art Exp $ */
-/* $KTH: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-int
-k_getportbyname (const char *service, const char *proto, int default_port)
-{
- struct servent *sp;
-
- sp = getservbyname(service, proto);
- if(sp != NULL)
- return sp->s_port;
-
- krb_warning ("%s/%s unknown service, using default port %d\n",
- service, proto ? proto : "*", ntohs(default_port));
- return default_port;
-}
-
-
diff --git a/kerberosIV/krb/k_getsockinst.c b/kerberosIV/krb/k_getsockinst.c
deleted file mode 100644
index f36c3264b3e..00000000000
--- a/kerberosIV/krb/k_getsockinst.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: k_getsockinst.c,v 1.2 1997/12/09 07:57:22 art Exp $ */
-/* $KTH: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * Return in inst the name of the local interface bound to socket
- * fd. On Failure return the 'wildcard' instance "*".
- */
-
-int
-k_getsockinst(int fd, char *inst, size_t inst_size)
-{
- struct sockaddr_in addr;
- int len = sizeof(addr);
- struct hostent *hnam;
-
- if (inst == NULL)
- return -1;
-
- if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
- goto fail;
-
- hnam = gethostbyaddr((char *)&addr.sin_addr,
- sizeof(addr.sin_addr),
- addr.sin_family);
- if (hnam == 0)
- goto fail;
-
- strncpy (inst, hnam->h_name, inst_size);
- inst[inst_size - 1] = '\0';
- k_ricercar(inst); /* Canonicalize name */
- return 0; /* Success */
-
- fail:
- inst[0] = '*';
- inst[1] = 0;
- return -1;
-}
diff --git a/kerberosIV/krb/k_localtime.c b/kerberosIV/krb/k_localtime.c
deleted file mode 100644
index 36f26df2b2a..00000000000
--- a/kerberosIV/krb/k_localtime.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $OpenBSD: k_localtime.c,v 1.3 1997/12/09 07:57:22 art Exp $ */
-/* $KTH: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-struct tm *k_localtime(u_int32_t *tp)
-{
- time_t t;
- t = *tp;
- return localtime(&t);
-}
diff --git a/kerberosIV/krb/kdc_reply.c b/kerberosIV/krb/kdc_reply.c
deleted file mode 100644
index a8e988fd103..00000000000
--- a/kerberosIV/krb/kdc_reply.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* $OpenBSD: kdc_reply.c,v 1.3 1998/05/18 00:53:46 art Exp $ */
-/* $KTH: kdc_reply.c,v 1.10 1998/03/19 15:45:28 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static int little_endian; /* XXX ugly */
-
-int
-kdc_reply_cred(KTEXT cip, CREDENTIALS *cred)
-{
- unsigned char *p = cip->dat;
-
- if (cred == NULL || p == NULL)
- return KFAILURE;
-
- memcpy(cred->session, p, 8);
- p += 8;
-
- if(p + strlen((char*)p) > cip->dat + cip->length)
- return INTK_BADPW;
- p += krb_get_string(p, cred->service);
-
- if(p + strlen((char*)p) > cip->dat + cip->length)
- return INTK_BADPW;
- p += krb_get_string(p, cred->instance);
-
- if(p + strlen((char*)p) > cip->dat + cip->length)
- return INTK_BADPW;
- p += krb_get_string(p, cred->realm);
-
- if(p + 3 > cip->dat + cip->length)
- return INTK_BADPW;
- cred->lifetime = *p++;
- cred->kvno = *p++;
- cred->ticket_st.length = *p++;
-
- if(p + cred->ticket_st.length + 4 > cip->dat + cip->length)
- return INTK_BADPW;
- memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
- p += cred->ticket_st.length;
-
- p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian);
-
- return KSUCCESS;
-}
-
-int
-kdc_reply_cipher(KTEXT reply, KTEXT cip)
-{
- unsigned char *p;
- unsigned char pvno;
- unsigned char type;
-
- char aname[ANAME_SZ];
- char inst[INST_SZ];
- char realm[REALM_SZ];
-
- u_int32_t kdc_time;
- u_int32_t exp_date;
- u_int32_t clen;
-
- p = reply->dat;
-
- pvno = *p++;
-
- if (pvno != KRB_PROT_VERSION )
- return INTK_PROT;
-
- type = *p++;
- little_endian = type & 1;
-
- type &= ~1;
-
- if(type == AUTH_MSG_ERR_REPLY){
- u_int32_t code;
- p += strlen((char*)p) + 1; /* name */
- p += strlen((char*)p) + 1; /* instance */
- p += strlen((char*)p) + 1; /* realm */
- p += 4; /* time */
- p += krb_get_int(p, &code, 4, little_endian);
- if(code == 0)
- code = KFAILURE; /* things will go bad otherwise */
- return code;
- }
- if(type != AUTH_MSG_KDC_REPLY)
- return INTK_PROT;
-
- p += krb_get_nir(p, aname, inst, realm);
- p += krb_get_int(p, &kdc_time, 4, little_endian);
- p++; /* number of tickets */
- p += krb_get_int(p, &exp_date, 4, little_endian);
- p++; /* master key version number */
- p += krb_get_int(p, &clen, 2, little_endian);
- cip->length = clen;
- memcpy(cip->dat, p, clen);
- p += clen;
-
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/kerberos.3 b/kerberosIV/krb/kerberos.3
deleted file mode 100644
index 996b76f6b5b..00000000000
--- a/kerberosIV/krb/kerberos.3
+++ /dev/null
@@ -1,482 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kerberos.3,v 1.4 1998/02/25 15:51:18 art Exp $
-.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
-krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
-krb_rd_err, krb_ck_repl \- Kerberos authentication library
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/des.h>
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-int krb_mk_req(authent,service,instance,realm,checksum)
-KTEXT authent;
-char *service;
-char *instance;
-char *realm;
-u_long checksum;
-.PP
-.ft B
-int krb_rd_req(authent,service,instance,from_addr,ad,fn)
-KTEXT authent;
-char *service;
-char *instance;
-u_long from_addr;
-AUTH_DAT *ad;
-char *fn;
-.PP
-.ft B
-int krb_kntoln(ad,lname)
-AUTH_DAT *ad;
-char *lname;
-.PP
-.ft B
-int krb_set_key(key,cvt)
-char *key;
-int cvt;
-.PP
-.ft B
-int krb_get_cred(service,instance,realm,c)
-char *service;
-char *instance;
-char *realm;
-CREDENTIALS *c;
-.PP
-.ft B
-long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-des_key_schedule schedule;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
-u_char *in;
-u_long in_length;
-Key_schedule schedule;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_safe(in,out,in_length,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_safe(in,length,key,sender,receiver,msg_data)
-u_char *in;
-u_long length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_err(out,code,string)
-u_char *out;
-long code;
-char *string;
-.PP
-.ft B
-long krb_rd_err(in,length,code,msg_data)
-u_char *in;
-u_long length;
-long code;
-MSG_DAT *msg_data;
-.fi
-.ft R
-.SH DESCRIPTION
-This library supports network authentication and various related
-operations. The library contains many routines beyond those described
-in this man page, but they are not intended to be used directly.
-Instead, they are called by the routines that are described, the
-authentication server and the login program.
-.PP
-.I krb_err_txt[]
-contains text string descriptions of various Kerberos error codes returned
-by some of the routines below.
-.PP
-.I krb_mk_req
-takes a pointer to a text structure in which an authenticator is to be
-built. It also takes the name, instance, and realm of the service to be
-used and an optional checksum. It is up to the application to decide
-how to generate the checksum.
-.I krb_mk_req
-then retrieves a ticket for the desired service and creates an
-authenticator. The authenticator is built in
-.I authent
-and is accessible
-to the calling procedure.
-.PP
-It is up to the application to get the authenticator to the service
-where it will be read by
-.I krb_rd_req.
-Unless an attacker posesses the session key contained in the ticket, it
-will be unable to modify the authenticator. Thus, the checksum can be
-used to verify the authenticity of the other data that will pass through
-a connection.
-.PP
-.I krb_rd_req
-takes an authenticator of type
-.B KTEXT,
-a service name, an instance, the address of the
-host originating the request, and a pointer to a structure of type
-.B AUTH_DAT
-which is filled in with information obtained from the authenticator.
-It also optionally takes the name of the file in which it will find the
-secret key(s) for the service.
-If the supplied
-.I instance
-contains "*", then the first service key with the same service name
-found in the service key file will be used, and the
-.I instance
-argument will be filled in with the chosen instance. This means that
-the caller must provide space for such an instance name.
-.PP
-It is used to find out information about the principal when a request
-has been made to a service. It is up to the application protocol to get
-the authenticator from the client to the service. The authenticator is
-then passed to
-.I krb_rd_req
-to extract the desired information.
-.PP
-.I krb_rd_req
-returns zero (RD_AP_OK) upon successful authentication. If a packet was
-forged, modified, or replayed, authentication will fail. If the
-authentication fails, a non-zero value is returned indicating the
-particular problem encountered. See
-.I krb.h
-for the list of error codes.
-.PP
-If the last argument is the null string (""), krb_rd_req will use the
-file /etc/srvtab to find its keys. If the last argument is NULL, it
-will assume that the key has been set by
-.I krb_set_key
-and will not bother looking further.
-.PP
-.I krb_kntoln
-converts a Kerberos name to a local name. It takes a structure
-of type AUTH_DAT and uses the name and instance to look in the database
-/etc/aname to find the corresponding local name. The local name is
-returned and can be used by an application to change uids, directories,
-or other parameters. It is not an integral part of Kerberos, but is
-instead provided to support the use of Kerberos in existing utilities.
-.PP
-.I krb_set_key
-takes as an argument a des key. It then creates
-a key schedule from it and saves the original key to be used as an
-initialization vector.
-It is used to set the server's key which
-must be used to decrypt tickets.
-.PP
-If called with a non-zero second argument,
-.I krb_set_key
-will first convert the input from a string of arbitrary length to a DES
-key by encrypting it with a one-way function.
-.PP
-In most cases it should not be necessary to call
-.I krb_set_key.
-The necessary keys will usually be obtained and set inside
-.I krb_rd_req. krb_set_key
-is provided for those applications that do not wish to place the
-application keys on disk.
-.PP
-.I krb_get_cred
-searches the caller's ticket file for a ticket for the given service, instance,
-and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
-with the ticket information.
-.PP
-If the ticket was found,
-.I krb_get_cred
-returns GC_OK.
-If the ticket file can't be found, can't be read, doesn't belong to
-the user (other than root), isn't a regular file, or is in the wrong
-mode, the error GC_TKFIL is returned.
-.PP
-.I krb_mk_priv
-creates an encrypted, authenticated
-message from any arbitrary application data, pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key
-and the key schedule,
-.I schedule,
-are used to encrypt the data and some header information using
-.I pcbc_encrypt.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-In addition to providing privacy, this protocol message protects
-against modifications, insertions or replays. The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-.PP
-.I krb_rd_priv
-decrypts and authenticates a received
-.I krb_mk_priv
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-and the key schedule,
-.I schedule,
-are used to decrypt and verify the received message.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h.
-The routine fills in the
-.I app_data
-field with a pointer to the decrypted application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender. (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of). The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_safe
-creates an authenticated, but unencrypted message from any arbitrary
-application data,
-pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key,
-is used to seed the
-.I quad_cksum()
-checksum algorithm used as part of the authentication.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-This message does not provide privacy, but does protect (via detection)
-against modifications, insertions or replays. The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-The authentication provided by this routine is not as strong as that
-provided by
-.I krb_mk_priv
-or by computing the checksum using
-.I cbc_cksum
-instead, both of which authenticate via DES.
-.PP
-
-.I krb_rd_safe
-authenticates a received
-.I krb_mk_safe
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-is used to seed the quad_cksum() routine as part of the authentication.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields:
-the
-.I app_data
-field with a pointer to the application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender.
-(The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of). The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_err
-constructs an application level error message that may be used along
-with
-.I krb_mk_priv
-or
-.I krb_mk_safe.
-.I out
-is a pointer to the output buffer,
-.I code
-is an application specific error code, and
-.I string
-is an application specific error string.
-
-.PP
-.I krb_rd_err
-unpacks a received
-.I krb_mk_err
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-.I code
-is a pointer to a value to be filled in with the error
-value provided by the application.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields: the
-.I app_data
-field with a pointer to the application error text,
-.I app_length
-with the length of the
-.I app_data
-field, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender. (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of).
-
-The routine returns zero if the error message has been successfully received,
-or a Kerberos error code.
-.PP
-The
-.I KTEXT
-structure is used to pass around text of varying lengths. It consists
-of a buffer for the data, and a length. krb_rd_req takes an argument of this
-type containing the authenticator, and krb_mk_req returns the
-authenticator in a structure of this type. KTEXT itself is really a
-pointer to the structure. The actual structure is of type KTEXT_ST.
-.PP
-The
-.I AUTH_DAT
-structure is filled in by krb_rd_req. It must be allocated before
-calling krb_rd_req, and a pointer to it is passed. The structure is
-filled in with data obtained from Kerberos.
-.I MSG_DAT
-structure is filled in by either krb_rd_priv, krb_rd_safe, or
-krb_rd_err. It must be allocated before the call and a pointer to it
-is passed. The structure is
-filled in with data obtained from Kerberos.
-.PP
-.SH FILES
-/usr/include/kerberosIV/krb.h
-.br
-/usr/lib/libkrb.a
-.br
-/usr/include/kerberosIV/des.h
-.br
-/usr/lib/libdes.a
-.br
-/etc/aname
-.br
-/etc/kerberosIV/srvtab
-.br
-/tmp/tkt[uid]
-.SH "SEE ALSO"
-kerberos(1), des_crypt(3)
-.SH BUGS
-The caller of
-.I krb_rd_req, krb_rd_priv, and krb_rd_safe
-must check time order and for replay attempts.
-.I krb_ck_repl
-is not implemented yet.
-.SH AUTHORS
-Clifford Neuman, MIT Project Athena
-.br
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.SH RESTRICTIONS
-COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/kerberosIV/krb/kntoln.c b/kerberosIV/krb/kntoln.c
deleted file mode 100644
index 89df8a53a51..00000000000
--- a/kerberosIV/krb/kntoln.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* $OpenBSD: kntoln.c,v 1.7 1998/05/17 13:53:48 art Exp $ */
-/* $KTH: kntoln.c,v 1.8 1997/12/11 15:00:11 bg Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * krb_kntoln converts an auth name into a local name by looking up
- * the auth name in the /etc/aname file. The format of the aname
- * file is:
- *
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | anl | inl | rll | lnl | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- * | 1by | 1by | 1by | 1by | name | instance | realm | lname |
- * +-----+-----+-----+-----+------+----------+-------+-------+
- *
- * If the /etc/aname file can not be opened it will set the
- * local name to the auth name. Thus, in this case it performs as
- * the identity function.
- *
- * The name instance and realm are passed to krb_kntoln through
- * the AUTH_DAT structure (ad).
- *
- * Now here's what it *really* does:
- *
- * Given a Kerberos name in an AUTH_DAT structure, check that the
- * instance is null, and that the realm is the same as the local
- * realm, and return the principal's name in "lname". Return
- * KSUCCESS if all goes well, otherwise KFAILURE.
- */
-
-#include "krb_locl.h"
-
-int
-krb_kntoln(AUTH_DAT *ad, char *lname)
-{
- static char lrealm[REALM_SZ] = "";
-
- if (ad == NULL || lname == NULL)
- return KFAILURE;
-
- if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
- return(KFAILURE);
-
- if (strcmp(ad->pinst, ""))
- return(KFAILURE);
- if (strcmp(ad->prealm, lrealm))
- return(KFAILURE);
- strncpy(lname, ad->pname, ANAME_SZ);
- lname[ANAME_SZ-1] = '\0';
- return(KSUCCESS);
-}
-
-#if 0
-/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */
-
-#include <krb.h>
-#include <ndbm.h>
-#include <stdio.h>
-#include <sys/file.h>
-#include <strings.h>
-#include <sys/syslog.h>
-#include <sys/errno.h>
-
-extern int errno;
-/*
- * antoln converts an authentication name into a local name by looking up
- * the authentication name in the /etc/aname dbm database.
- *
- * If the /etc/aname file can not be opened it will set the
- * local name to the principal name. Thus, in this case it performs as
- * the identity function.
- *
- * The name instance and realm are passed to antoln through
- * the AUTH_DAT structure (ad).
- */
-
-static char lrealm[REALM_SZ] = "";
-
-int
-an_to_ln(AUTH_DAT *ad,
- char *lname)
-{
- static DBM *aname = NULL;
- char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2];
-
- if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
- return(KFAILURE);
-
- if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) ||
-strcmp(ad->prealm,lrealm)) {
- datum val;
- datum key;
- /*
- * Non-local name (or) non-null and non-root instance.
- * Look up in dbm file.
- */
- if (!aname) {
- if ((aname = dbm_open("/etc/aname", O_RDONLY, 0))
- == NULL) return (KFAILURE);
- }
- /* Construct dbm lookup key. */
- an_to_a(ad, keyname);
- key.dptr = keyname;
- key.dsize = strlen(keyname)+1;
- flock(dbm_dirfno(aname), LOCK_SH);
- val = dbm_fetch(aname, key);
- flock(dbm_dirfno(aname), LOCK_UN);
- if (!val.dptr) {
- dbm_close(aname);
- return(KFAILURE);
- }
- /* Got it! */
- strncpy(lname, val.dptr, ANAME_SZ);
- lname[ANAME_SZ-1] = '\0';
- return(KSUCCESS);
- } else{
- strncpy(lname, ad->pname, ANAME_SZ);
- lname[ANAME_SZ-1] = '\0';
- }
- return(KSUCCESS);
-}
-
-int
-an_to_a(AUTH_DAT *ad,
- char *str)
-{
- strncpy(str, ad->pname, ANAME_SZ);
- str[ANAME_SZ-1] = '\0';
- if(*ad->pinst) {
- strcat(str, ".");
- strcat(str, ad->pinst);
- }
- strcat(str, "@");
- strcat(str, ad->prealm);
-}
-
-/*
- * Parse a string of the form "user[.instance][@realm]"
- * into a struct AUTH_DAT.
- */
-int
-a_to_an(char *str, AUTH_DAT *ad)
-{
- char *buf = (char *)malloc(strlen(str)+1);
- char *rlm, *inst, *princ;
-
- if (buf == NULL)
- return KFAILURE;
-
- if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) {
- free(buf);
- buf = NULL;
- return(KFAILURE);
- }
- /* destructive string hacking is more fun.. */
- strncpy(buf, str, strlen(str)+1);
- buf[strlen(str)] = '\0';
-
- if (rlm = index(buf, '@')) {
- *rlm++ = '\0';
- }
- if (inst = index(buf, '.')) {
- *inst++ = '\0';
- }
- strcpy(ad->pname, buf);
- if(inst) strcpy(ad->pinst, inst);
- else *ad->pinst = '\0';
- if (rlm) strcpy(ad->prealm, rlm);
- else strcpy(ad->prealm, lrealm);
- free(buf);
- buf = NULL;
- return(KSUCCESS);
-}
-#endif
diff --git a/kerberosIV/krb/krb-archaeology.h b/kerberosIV/krb/krb-archaeology.h
deleted file mode 100644
index a1bbbacf42d..00000000000
--- a/kerberosIV/krb/krb-archaeology.h
+++ /dev/null
@@ -1,157 +0,0 @@
-/* $OpenBSD: krb-archaeology.h,v 1.3 1998/02/25 15:51:20 art Exp $ */
-/* $KTH: krb-archaeology.h,v 1.2 1997/12/05 02:04:44 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*
- * Most of the cruft in this file is probably:
- *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#ifndef __KRB_ARCHAEOLOGY_H__
-#define __KRB_ARCHAEOLOGY_H__
-
-/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
-
-#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y))
-
-#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
-
-int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
-int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
-u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
-
-/* Macro's to obtain various fields from a packet */
-
-#define pkt_version(packet) (unsigned int) *(packet->dat)
-#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
-#define pkt_a_name(packet) (packet->dat+2)
-#define pkt_a_inst(packet) \
- (packet->dat+3+strlen((char *)pkt_a_name(packet)))
-#define pkt_a_realm(packet) \
- (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
-
-/* Macro to obtain realm from application request */
-#define apreq_realm(auth) (auth->dat + 3)
-
-#define pkt_time_ws(packet) (char *) \
- (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-
-#define pkt_no_req(packet) (unsigned short) \
- *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-#define pkt_x_date(packet) (char *) \
- (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-#define pkt_err_code(packet) ( (char *) \
- (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet))))
-#define pkt_err_text(packet) \
- (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
- strlen((char *)pkt_a_inst(packet)) + \
- strlen((char *)pkt_a_realm(packet)))
-
-/*
- * macros for byte swapping; also scratch space
- * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
- * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0
- * u_int16_t 0-->1, 1-->0
- */
-
-#define swap_u_16(x) {\
- u_int32_t _krb_swap_tmp[4];\
- swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \
- swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \
- swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \
- swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \
- swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \
- swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \
- swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \
- memcpy(x, _krb_swap_tmp, 16);\
- }
-
-#define swap_u_12(x) {\
- u_int32_t _krb_swap_tmp[4];\
- swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \
- swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \
- swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \
- swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \
- swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \
- memcpy(x, _krb_swap_tmp, 12);\
- }
-
-#define swap_C_Block(x) {\
- u_int32_t _krb_swap_tmp[4];\
- swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \
- swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \
- swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \
- memcpy(x, _krb_swap_tmp, 8);\
- }
-#define swap_u_quad(x) {\
- u_int32_t _krb_swap_tmp[4];\
- swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \
- swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \
- swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \
- memcpy(x, _krb_swap_tmp, 8);\
- }
-
-#define swap_u_long(x) {\
- u_int32_t _krb_swap_tmp[4];\
- swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \
- swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \
- x = _krb_swap_tmp[0]; \
- }
-
-#define swap_u_short(x) {\
- u_int16_t _krb_swap_sh_tmp; \
- swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \
- x = (u_int16_t) _krb_swap_sh_tmp; \
- }
-/* Kerberos ticket flag field bit definitions */
-#define K_FLAG_ORDER 0 /* bit 0 --> lsb */
-#define K_FLAG_1 /* reserved */
-#define K_FLAG_2 /* reserved */
-#define K_FLAG_3 /* reserved */
-#define K_FLAG_4 /* reserved */
-#define K_FLAG_5 /* reserved */
-#define K_FLAG_6 /* reserved */
-#define K_FLAG_7 /* reserved, bit 7 --> msb */
-
-#endif /* __KRB_ARCHAEOLOGY_H__ */
diff --git a/kerberosIV/krb/krb_check_auth.c b/kerberosIV/krb/krb_check_auth.c
deleted file mode 100644
index 47b8e546ef2..00000000000
--- a/kerberosIV/krb/krb_check_auth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* $OpenBSD: krb_check_auth.c,v 1.2 1997/12/09 07:57:23 art Exp $ */
-/* $KTH: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- *
- * Receive an mutual-authenticator for a server in `packet', with
- * `checksum', `session', and `schedule' having the appropriate values
- * and return the data in `msg_data'.
- *
- * Return KSUCCESS if the received checksum is correct.
- *
- */
-
-int
-krb_check_auth(KTEXT packet,
- u_int32_t checksum,
- MSG_DAT *msg_data,
- des_cblock *session,
- struct des_ks_struct *schedule,
- struct sockaddr_in *laddr,
- struct sockaddr_in *faddr)
-{
- int ret;
- u_int32_t checksum2;
-
- ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr,
- laddr, msg_data);
- if (ret != RD_AP_OK)
- return ret;
- if (msg_data->app_length != 4)
- return KFAILURE;
- krb_get_int (msg_data->app_data, &checksum2, 4, 0);
- if (checksum2 == checksum + 1)
- return KSUCCESS;
- else
- return KFAILURE;
-}
diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c
deleted file mode 100644
index ccc3972a109..00000000000
--- a/kerberosIV/krb/krb_equiv.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* $OpenBSD: krb_equiv.c,v 1.4 1997/12/09 07:57:24 art Exp $ */
-/* $KTH: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
- *
- * Given two IP adresses return true if they match
- * or are considered to belong to the same host.
- *
- * For example if /etc/krb.equiv looks like
- *
- * 130.237.223.3 192.16.126.3 # alv alv1
- * 130.237.223.4 192.16.126.4 # byse byse1
- * 130.237.228.152 192.16.126.9 # topsy topsy1
- *
- * krb_equiv(alv, alv1) would return true but
- * krb_equiv(alv, byse1) would not.
- *
- * A comment starts with an '#' and ends with '\n'.
- *
- */
-#include "krb_locl.h"
-
-int krb_ignore_ip_address = 0;
-
-int
-krb_equiv(u_int32_t a, u_int32_t b)
-{
- FILE *fil;
- char line[256];
- int hit_a, hit_b;
- int iscomment;
-
- if (a == b) /* trivial match, also the common case */
- return 1;
-
- if (krb_ignore_ip_address)
- return 1; /* if we have decided not to compare */
-
- a = ntohl(a);
- b = ntohl(b);
-
- fil = fopen(KRB_EQUIV, "r");
- if (fil == NULL) /* open failed */
- return 0;
-
- hit_a = hit_b = 0;
- iscomment = 0;
- while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
- {
- char *t = line;
- int len = strlen(t);
-
- /* for each item on this line */
- while (*t != 0) /* more addresses on this line? */
- if (*t == '\n') {
- iscomment = hit_a = hit_b = 0;
- break;
- } else if (iscomment)
- t = line + len - 1;
- else if (*t == '#') { /* rest is comment */
- iscomment = 1;
- ++t;
- } else if (*t == '\\' ) /* continuation */
- break;
- else if (isspace(*t)) /* skip space */
- t++;
- else if (isdigit(*t)) /* an address? */
- {
- u_int32_t tmp;
- u_int32_t tmpa, tmpb, tmpc, tmpd;
-
- sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd);
- tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd;
-
- while (*t == '.' || isdigit(*t)) /* done with this address */
- t++;
-
- if (tmp != -1) { /* an address (and not broadcast) */
- u_int32_t mask = (u_int32_t)~0;
-
- if (*t == '/') {
- ++t;
- mask <<= 32 - atoi(t);
-
- while(isdigit(*t))
- ++t;
- }
-
- if ((tmp & mask) == (a & mask))
- hit_a = 1;
- if ((tmp & mask) == (b & mask))
- hit_b = 1;
- if (hit_a && hit_b) {
- fclose(fil);
- return 1;
- }
- }
- }
- else
- ++t; /* garbage on this line, skip it */
-
- }
-
- fclose(fil);
- return 0;
-}
diff --git a/kerberosIV/krb/krb_err.et b/kerberosIV/krb/krb_err.et
deleted file mode 100644
index 850b31e491d..00000000000
--- a/kerberosIV/krb/krb_err.et
+++ /dev/null
@@ -1,117 +0,0 @@
-# This source code is no longer held under any constraint of USA\
-# `cryptographic laws' since it was exported legally. The cryptographic\
-# functions were removed from the code and a "Bones" distribution was\
-# made. A Commodity Jurisdiction Request #012-94 was filed with the\
-# USA State Department, who handed it to the Commerce department. The\
-# code was determined to fall under General License GTDA under ECCN 5D96G,\
-# and hence exportable. The cryptographic interfaces were re-added by Eric\
-# Young, and then KTH proceeded to maintain the code in the free world.
-#
-# Copyright 1987,1988 Massachusetts Institute of Technology
-#
-# Export of this software from the United States of America is assumed
-# to require a specific license from the United States Government.
-# It is the responsibility of any person or organization contemplating
-# export to obtain such a license before exporting.
-#
-# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-# distribute this software and its documentation for any purpose and
-# without fee is hereby granted, provided that the above copyright
-# notice appear in all copies and that both that copyright notice and
-# this permission notice appear in supporting documentation, and that
-# the name of M.I.T. not be used in advertising or publicity pertaining
-# to distribution of the software without specific, written prior
-# permission. M.I.T. makes no representations about the suitability of
-# this software for any purpose. It is provided "as is" without express
-# or implied warranty.
-#
-#
-# $KTH: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $
-# $OpenBSD: krb_err.et,v 1.5 1998/07/07 19:06:55 art Exp $
-#
-error_table krb
-
-ec KRBET_KSUCCESS, "Kerberos successful"
-ec KRBET_KDC_NAME_EXP, "Kerberos principal expired"
-ec KRBET_KDC_SERVICE_EXP, "Kerberos service expired"
-ec KRBET_KDC_AUTH_EXP, "Kerberos auth expired"
-ec KRBET_KDC_PKT_VER, "Incorrect kerberos master key version"
-ec KRBET_KDC_P_MKEY_VER, "Incorrect kerberos master key version"
-ec KRBET_KDC_S_MKEY_VER, "Incorrect kerberos master key version"
-ec KRBET_KDC_BYTE_ORDER, "Kerberos error: byte order unknown"
-ec KRBET_KDC_PR_UNKNOWN, "Kerberos principal unknown"
-ec KRBET_KDC_PR_N_UNIQUE, "Kerberos principal not unique"
-ec KRBET_KDC_NULL_KEY, "Kerberos principal has null key"
-ec KRBET_KRB_RES11, "Reserved 11"
-ec KRBET_KRB_RES12, "Reserved 12"
-ec KRBET_KRB_RES13, "Reserved 13"
-ec KRBET_KRB_RES14, "Reserved 14"
-ec KRBET_KRB_RES15, "Reserved 15"
-ec KRBET_KRB_RES16, "Reserved 16"
-ec KRBET_KRB_RES17, "Reserved 17"
-ec KRBET_KRB_RES18, "Reserved 18"
-ec KRBET_KRB_RES19, "Reserved 19"
-ec KRBET_KDC_GEN_ERR, "Generic error from Kerberos KDC"
-ec KRBET_GC_TKFIL, "Can't read Kerberos ticket file"
-ec KRBET_GC_NOTKT, "Can't find Kerberos ticket or TGT"
-ec KRBET_KRB_RES23, "Reserved 23"
-ec KRBET_KRB_RES24, "Reserved 24"
-ec KRBET_KRB_RES25, "Reserved 25"
-ec KRBET_MK_AP_TGTEXP, "Kerberos TGT Expired"
-ec KRBET_KRB_RES27, "Reserved 27"
-ec KRBET_KRB_RES28, "Reserved 28"
-ec KRBET_KRB_RES29, "Reserved 29"
-ec KRBET_KRB_RES30, "Reserved 30"
-ec KRBET_RD_AP_UNDEC, "Kerberos error: Can't decode authenticator"
-ec KRBET_RD_AP_EXP, "Kerberos ticket expired"
-ec KRBET_RD_AP_NYV, "Kerberos ticket not yet valid"
-ec KRBET_RD_AP_REPEAT, "Kerberos error: Repeated request"
-ec KRBET_RD_AP_NOT_US, "The kerberos ticket isn't for us"
-ec KRBET_RD_AP_INCON, "Kerberos request inconsistent"
-ec KRBET_RD_AP_TIME, "Kerberos error: delta_t too big"
-ec KRBET_RD_AP_BADD, "Kerberos error: incorrect net address"
-ec KRBET_RD_AP_VERSION, "Kerberos protocol version mismatch"
-ec KRBET_RD_AP_MSG_TYPE, "Kerberos error: invalid msg type"
-ec KRBET_RD_AP_MODIFIED, "Kerberos error: message stream modified"
-ec KRBET_RD_AP_ORDER, "Kerberos error: message out of order"
-ec KRBET_RD_AP_UNAUTHOR, "Kerberos error: unauthorized request"
-ec KRBET_KRB_RES44, "Reserved 44"
-ec KRBET_KRB_RES45, "Reserved 45"
-ec KRBET_KRB_RES46, "Reserved 46"
-ec KRBET_KRB_RES47, "Reserved 47"
-ec KRBET_KRB_RES48, "Reserved 48"
-ec KRBET_KRB_RES49, "Reserved 49"
-ec KRBET_KRB_RES50, "Reserved 50"
-ec KRBET_GT_PW_NULL, "Kerberos error: current PW is null"
-ec KRBET_GT_PW_BADPW, "Kerberos error: Incorrect current password"
-ec KRBET_GT_PW_PROT, "Kerberos protocol error"
-ec KRBET_GT_PW_KDCERR, "Error returned by Kerberos KDC"
-ec KRBET_GT_PW_NULLTKT, "Null Kerberos ticket returned by KDC"
-ec KRBET_SKDC_RETRY, "Kerberos error: Retry count exceeded"
-ec KRBET_SKDC_CANT, "Kerberos error: Can't send request"
-ec KRBET_KRB_RES58, "Reserved 58"
-ec KRBET_KRB_RES59, "Reserved 59"
-ec KRBET_KRB_RES60, "Reserved 60"
-ec KRBET_INTK_W_NOTALL, "Kerberos error: not all tickets returned"
-ec KRBET_INTK_BADPW, "Kerberos error: incorrect password"
-ec KRBET_INTK_PROT, "Kerberos error: Protocol Error"
-ec KRBET_KRB_RES64, "Reserved 64"
-ec KRBET_KRB_RES65, "Reserved 65"
-ec KRBET_KRB_RES66, "Reserved 66"
-ec KRBET_KRB_RES67, "Reserved 67"
-ec KRBET_KRB_RES68, "Reserved 68"
-ec KRBET_KRB_RES69, "Reserved 69"
-ec KRBET_INTK_ERR, "Other error"
-ec KRBET_AD_NOTGT, "Don't have Kerberos ticket-granting ticket"
-ec KRBET_KRB_RES72, "Reserved 72"
-ec KRBET_KRB_RES73, "Reserved 73"
-ec KRBET_KRB_RES74, "Reserved 74"
-ec KRBET_KRB_RES75, "Reserved 75"
-ec KRBET_NO_TKT_FIL, "No ticket file found"
-ec KRBET_TKT_FIL_ACC, "Couldn't access ticket file"
-ec KRBET_TKT_FIL_LCK, "Couldn't lock ticket file"
-ec KRBET_TKT_FIL_FMT, "Bad ticket file format"
-ec KRBET_TKT_FIL_INI, "tf_init not called first"
-ec KRBET_KNAME_FMT, "Bad Kerberos name format"
-end
-
diff --git a/kerberosIV/krb/krb_err_txt.c b/kerberosIV/krb/krb_err_txt.c
deleted file mode 100644
index c8c2fcd97a4..00000000000
--- a/kerberosIV/krb/krb_err_txt.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* $OpenBSD: krb_err_txt.c,v 1.6 1998/05/18 00:53:47 art Exp $ */
-/* $KTH: krb_err_txt.c,v 1.13 1998/01/31 08:11:52 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-
-/*
- * This file contains an array of error text strings.
- * The associated error codes (which are defined in "krb.h")
- * follow the string in the comments at the end of each line.
- */
-
-const char *krb_err_txt[256] = {
- "OK", /* 000 */
- "Principal expired (kerberos)", /* 001 */
- "Service expired (kerberos)", /* 002 */
- "Authentication expired (kerberos)", /* 003 */
- "Unknown protocol version number (kerberos)", /* 004 */
- "Principal: Incorrect master key version (kerberos)", /* 005 */
- "Service: Incorrect master key version (kerberos)", /* 006 */
- "Bad byte order (kerberos)", /* 007 */
- "Principal unknown (kerberos)", /* 008 */
- "Principal not unique (kerberos)", /* 009 */
- "Principal has null key (kerberos)", /* 010 */
- "Timeout in request (kerberos)", /* 011 */
- "Reserved error message 12 (kerberos)", /* 012 */
- "Reserved error message 13 (kerberos)", /* 013 */
- "Reserved error message 14 (kerberos)", /* 014 */
- "Reserved error message 15 (kerberos)", /* 015 */
- "Reserved error message 16 (kerberos)", /* 016 */
- "Reserved error message 17 (kerberos)", /* 017 */
- "Reserved error message 18 (kerberos)", /* 018 */
- "Reserved error message 19 (kerberos)", /* 019 */
- "Permission Denied (kerberos)", /* 020 */
- "Can't read ticket file (krb_get_cred)", /* 021 */
- "Can't find ticket (krb_get_cred)", /* 022 */
- "Reserved error message 23 (krb_get_cred)", /* 023 */
- "Reserved error message 24 (krb_get_cred)", /* 024 */
- "Reserved error message 25 (krb_get_cred)", /* 025 */
- "Ticket granting ticket expired (krb_mk_req)", /* 026 */
- "Reserved error message 27 (krb_mk_req)", /* 027 */
- "Reserved error message 28 (krb_mk_req)", /* 028 */
- "Reserved error message 29 (krb_mk_req)", /* 029 */
- "Reserved error message 30 (krb_mk_req)", /* 030 */
- "Can't decode authenticator (krb_rd_req)", /* 031 */
- "Ticket expired (krb_rd_req)", /* 032 */
- "Ticket issue date too far in the future (krb_rd_req)",/* 033 */
- "Repeat request (krb_rd_req)", /* 034 */
- "Ticket for wrong server (krb_rd_req)", /* 035 */
- "Request inconsistent (krb_rd_req)", /* 036 */
- "Time is out of bounds (krb_rd_req)", /* 037 */
- "Incorrect network address (krb_rd_req)", /* 038 */
- "Protocol version mismatch (krb_rd_req)", /* 039 */
- "Invalid message type (krb_rd_req)", /* 040 */
- "Message integrity error (krb_rd_req)", /* 041 */
- "Message duplicate or out of order (krb_rd_req)", /* 042 */
- "Unauthorized request (krb_rd_req)", /* 043 */
- "Reserved error message 44 (krb_rd_req)", /* 044 */
- "Reserved error message 45 (krb_rd_req)", /* 045 */
- "Reserved error message 46 (krb_rd_req)", /* 046 */
- "Reserved error message 47 (krb_rd_req)", /* 047 */
- "Reserved error message 48 (krb_rd_req)", /* 048 */
- "Reserved error message 49 (krb_rd_req)", /* 049 */
- "Reserved error message 50 (krb_rd_req)", /* 050 */
- "Current password is NULL (get_pw_tkt)", /* 051 */
- "Current password incorrect (get_pw_tkt)", /* 052 */
- "Protocol error (gt_pw_tkt)", /* 053 */
- "Error returned by KDC (gt_pw_tkt)", /* 054 */
- "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */
- "Retry count exceeded (send_to_kdc)", /* 056 */
- "Can't send request (send_to_kdc)", /* 057 */
- "Reserved error message 58 (send_to_kdc)", /* 058 */
- "Reserved error message 59 (send_to_kdc)", /* 059 */
- "Reserved error message 60 (send_to_kdc)", /* 060 */
- "Warning: Not ALL tickets returned", /* 061 */
- "Password incorrect", /* 062 */
- "Protocol error (get_in_tkt)", /* 063 */
- "Reserved error message 64 (get_in_tkt)", /* 064 */
- "Reserved error message 65 (get_in_tkt)", /* 065 */
- "Reserved error message 66 (get_in_tkt)", /* 066 */
- "Reserved error message 67 (get_in_tkt)", /* 067 */
- "Reserved error message 68 (get_in_tkt)", /* 068 */
- "Reserved error message 69 (get_in_tkt)", /* 069 */
- "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */
- "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */
- "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */
- "Reserved error message 73 (get_ad_tkt)", /* 073 */
- "Reserved error message 74 (get_ad_tkt)", /* 074 */
- "Reserved error message 75 (get_ad_tkt)", /* 075 */
- "No ticket file (tf_util)", /* 076 */
- "Can't access ticket file (tf_util)", /* 077 */
- "Can't lock ticket file; try later (tf_util)", /* 078 */
- "Bad ticket file format (tf_util)", /* 079 */
- "Read ticket file before tf_init (tf_util)", /* 080 */
- "Bad Kerberos name format (kname_parse)", /* 081 */
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "Generic kerberos error (kfailure)", /* 255 */
-};
-
-static const char err_failure[] = "Unknown error code passed (krb_get_err_text)";
-
-const char *
-krb_get_err_text(int code)
-{
- if(code < 0 || code >= MAX_KRB_ERRORS)
- return err_failure;
- return krb_err_txt[code];
-}
diff --git a/kerberosIV/krb/krb_get_in_tkt.c b/kerberosIV/krb/krb_get_in_tkt.c
deleted file mode 100644
index 327bc3f3d0f..00000000000
--- a/kerberosIV/krb/krb_get_in_tkt.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* $OpenBSD: krb_get_in_tkt.c,v 1.6 1998/07/07 19:06:57 art Exp $ */
-/* $KTH: krb_get_in_tkt.c,v 1.25 1998/05/01 05:18:08 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
- * and the cipher text sent from the KDC, decrypt the cipher text
- * using the key returned by key_proc.
- */
-
-static int
-decrypt_tkt(char *user, char *instance, char *realm,
- void *arg, key_proc_t key_proc, KTEXT *cip)
-{
- des_cblock key; /* Key for decrypting cipher */
- int ret;
-
- ret = key_proc(user, instance, realm, arg, &key);
- if (ret != 0)
- return ret;
-
- encrypt_ktext(*cip, &key, DES_DECRYPT);
-
- memset(&key, 0, sizeof(key));
- return 0;
-}
-
-/*
- * krb_get_in_tkt() gets a ticket for a given principal to use a given
- * service and stores the returned ticket and session key for future
- * use.
- *
- * The "user", "instance", and "realm" arguments give the identity of
- * the client who will use the ticket. The "service" and "sinstance"
- * arguments give the identity of the server that the client wishes
- * to use. (The realm of the server is the same as the Kerberos server
- * to whom the request is sent.) The "life" argument indicates the
- * desired lifetime of the ticket; the "key_proc" argument is a pointer
- * to the routine used for getting the client's private key to decrypt
- * the reply from Kerberos. The "decrypt_proc" argument is a pointer
- * to the routine used to decrypt the reply from Kerberos; and "arg"
- * is an argument to be passed on to the "key_proc" routine.
- *
- * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
- * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned
- * by Kerberos, then the error code it contains is returned. Other
- * error codes returned by this routine include INTK_PROT to indicate
- * wrong protocol version, INTK_BADPW to indicate bad password (if
- * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
- * the wrong server or the ticket store couldn't be initialized.
- *
- * The format of the message sent to Kerberos is as follows:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_KDC_REQUEST | message type
- * HOST_BYTE_ORDER local byte order in lsb
- * string user client's name
- * string instance client's instance
- * string realm client's realm
- * 4 bytes tlocal.tv_sec timestamp in seconds
- * 1 byte life desired lifetime
- * string service service's name
- * string sinstance service's instance
- */
-
-int
-krb_mk_as_req(char *user, char *instance, char *realm,
- char *service, char *sinstance, int life, KTEXT cip)
-{
- KTEXT_ST pkt_st;
- KTEXT pkt = &pkt_st; /* Packet to KDC */
- KTEXT_ST rpkt_st;
- KTEXT rpkt = &rpkt_st; /* Reply from KDC */
-
- int kerror;
- struct timeval tv;
-
- /* BUILD REQUEST PACKET */
-
- unsigned char *p = pkt->dat;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1);
-
- p += krb_put_nir(user, instance, realm, p);
-
- gettimeofday(&tv, NULL);
- p += krb_put_int(tv.tv_sec, p, 4);
- p += krb_put_int(life, p, 1);
-
- p += krb_put_nir(service, sinstance, NULL, p);
-
- pkt->length = p - pkt->dat;
-
- rpkt->length = 0;
-
- /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
-
- kerror = send_to_kdc(pkt, rpkt, realm);
- if(kerror) return kerror;
- kerror = kdc_reply_cipher(rpkt, cip);
- return kerror;
-}
-
-int
-krb_decode_as_rep(char *user, char *instance, char *realm,
- char *service, char *sinstance,
- key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg,
- KTEXT as_rep, CREDENTIALS *cred)
-{
- int kerror;
- time_t now;
-
- if (decrypt_proc == NULL)
- decrypt_proc = decrypt_tkt;
- (*decrypt_proc)(user, instance, realm, arg, key_proc, &as_rep);
-
- kerror = kdc_reply_cred(as_rep, cred);
- if(kerror != KSUCCESS)
- return kerror;
-
- if (strcmp(cred->service, service) ||
- strcmp(cred->instance, sinstance) ||
- strcmp(cred->realm, realm)) /* not what we asked for */
- return INTK_ERR; /* we need a better code here XXX */
-
- now = time(NULL);
- if(krb_get_config_bool("kdc_timesync"))
- krb_set_kdc_time_diff(cred->issue_date - now);
- else if (abs((int)(now - cred->issue_date)) > CLOCK_SKEW)
- return RD_AP_TIME; /* XXX should probably be better code */
-
- return 0;
-}
-
-int
-krb_get_in_tkt(char *user, char *instance, char *realm,
- char *service, char *sinstance, int life,
- key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
-{
- KTEXT_ST as_rep;
- CREDENTIALS cred;
- int ret;
-
- ret = krb_mk_as_req(user, instance, realm,
- service, sinstance, life, &as_rep);
- if(ret)
- return ret;
- ret = krb_decode_as_rep(user, instance, realm, service, sinstance,
- key_proc, decrypt_proc, arg, &as_rep, &cred);
- if(ret)
- return ret;
-
- return tf_setup(&cred, user, instance);
-}
diff --git a/kerberosIV/krb/krb_locl.h b/kerberosIV/krb/krb_locl.h
deleted file mode 100644
index 618cfb5e10e..00000000000
--- a/kerberosIV/krb/krb_locl.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: krb_locl.h,v 1.7 1998/11/28 23:41:02 art Exp $ */
-/* $KTH: krb_locl.h,v 1.48 1998/04/04 17:56:49 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __krb_locl_h
-#define __krb_locl_h
-
-#include <sys/cdefs.h>
-#include <kerberosIV/site.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <stdarg.h>
-
-#include <errno.h>
-
-#include <pwd.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/file.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#include <errno.h>
-
-#include <kerberosIV/krb.h>
-#include <kerberosIV/prot.h>
-
-#include "resolve.h"
-#include "krb_log.h"
-
-/* --- */
-
-/* Utils */
-int
-krb_name_to_name __P((
- const char *host,
- char *phost,
- size_t phost_size));
-
-void
-encrypt_ktext __P((
- KTEXT cip,
- des_cblock *key,
- int encrypt));
-
-int
-kdc_reply_cipher __P((
- KTEXT reply,
- KTEXT cip));
-
-int
-kdc_reply_cred __P((
- KTEXT cip,
- CREDENTIALS *cred));
-
-void
-k_ricercar __P((char *name));
-
-/* used in rd_safe.c and mk_safe.c */
-void
-fixup_quad_cksum __P((
- void *start,
- size_t len,
- des_cblock *key,
- void *new_checksum,
- void *old_checksum,
- int little));
-
-void
-krb_kdctimeofday __P((struct timeval *tv));
-
-/* stuff from libroken*/
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-char *strtok_r(char *s1, const char *s2, char **lasts);
-
-int k_concat(char *, size_t, ...);
-int k_vconcat(char *, size_t, va_list);
-size_t k_vmconcat(char **, size_t, va_list);
-size_t k_mconcat(char **, size_t, ...);
-
-/* Temporary fixes for krb_{rd,mk}_safe */
-#define DES_QUAD_GUESS 0
-#define DES_QUAD_NEW 1
-#define DES_QUAD_OLD 2
-
-/* Set this to one of the constants above to specify default checksum
- type to emit */
-#define DES_QUAD_DEFAULT DES_QUAD_GUESS
-
-#endif /* __krb_locl_h */
diff --git a/kerberosIV/krb/krb_realmofhost.3 b/kerberosIV/krb/krb_realmofhost.3
deleted file mode 100644
index 93793078ae8..00000000000
--- a/kerberosIV/krb/krb_realmofhost.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: krb_realmofhost.3,v 1.5 1999/05/12 13:26:47 aaron Exp $
-.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
-krb_get_lrealm \- additional Kerberos utility routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-#include <kerberosIV/des.h>
-#include <kerberosIV/netinet/in.h>
-.PP
-.ft B
-char *krb_realmofhost(host)
-char *host;
-.PP
-.ft B
-char *krb_get_phost(alias)
-char *alias;
-.PP
-.ft B
-krb_get_krbhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_admhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_lrealm(realm,n)
-char *realm;
-int n;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_realmofhost
-returns the Kerberos realm of the host
-.IR host ,
-as determined by the translation table
-.IR /etc/krb.realms .
-.I host
-should be the fully qualified domain-style primary host name of the host
-in question. In order to prevent certain security attacks, this routine
-must either have
-.I a priori
-knowledge of a host's realm, or obtain such information securely.
-.PP
-The format of the translation file is described by
-.IR krb.realms (5).
-If
-.I host
-exactly matches a host_name line, the corresponding realm
-is returned.
-Otherwise, if the domain portion of
-.I host
-matches a domain_name line, the corresponding realm
-is returned.
-If
-.I host
-contains a domain, but no translation is found,
-.IR host 's
-domain is converted to upper-case and returned.
-If
-.I host
-contains no discernable domain, or an error occurs,
-the local realm name, as supplied by
-.IR krb_get_lrealm (3),
-is returned.
-.PP
-.I krb_get_phost
-converts the hostname
-.I alias
-(which can be either an official name or an alias) into the instance
-name to be used in obtaining Kerberos tickets for most services,
-including the Berkeley rcmd suite (rlogin, rcp, rsh).
-.br
-The current convention is to return the first segment of the official
-domain-style name after conversion to lower case.
-.PP
-.I krb_get_krbhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos key distribution center (KDC)
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
-The configuration file is described by
-.IR krb.conf (5).
-If the host is successfully filled in, the routine
-returns KSUCCESS.
-If the file cannot be opened, and
-.I n
-equals 1, then the value of KRB_HOST as defined in
-.I <krb.h>
-is filled in, and KSUCCESS is returned. If there are fewer than
-.I n
-hosts running a Kerberos KDC for the requested realm, or the
-configuration file is malformed, the routine
-returns KFAILURE.
-.PP
-.I krb_get_admhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos KDC database administration server
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
-If the file cannot be opened or is malformed, or there are fewer than
-.I n
-hosts running a Kerberos KDC database administration server,
-the routine returns KFAILURE.
-.PP
-The character arrays used as return values for
-.IR krb_get_krbhst ,
-.IR krb_get_admhst ,
-should be large enough to
-hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
-.PP
-.I krb_get_lrealm
-fills in
-.I realm
-with the
-.IR n th
-realm of the local host, as specified in the configuration file.
-.I realm
-should be at least REALM_SZ (from
-.IR <krb.h>) characters long.
-.PP
-.SH SEE ALSO
-kerberos(3), krb.conf(5), krb.realms(5)
-.SH FILES
-.TP 20n
-/etc/krb.realms
-translation file for host-to-realm mapping.
-.TP
-/etc/krb.conf
-local realm-name and realm/server configuration file.
-.SH BUGS
-The current convention for instance names is too limited; the full
-domain name should be used.
-.PP
-.I krb_get_lrealm
-currently only supports
-.I n
-= 1. It should really consult the user's ticket cache to determine the
-user's current realm, rather than consulting a file on the host.
diff --git a/kerberosIV/krb/krb_sendauth.3 b/kerberosIV/krb/krb_sendauth.3
deleted file mode 100644
index 4cca0cda727..00000000000
--- a/kerberosIV/krb/krb_sendauth.3
+++ /dev/null
@@ -1,370 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1988 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: krb_sendauth.3,v 1.5 1999/09/23 04:11:59 alex Exp $
-.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
-Kerberos routines for sending authentication via network stream sockets
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-#include <kerberosIV/des.h>
-#include <netinet/in.h>
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
-msg_data, cred, schedule, laddr, faddr, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst, *realm;
-u_long checksum;
-MSG_DAT *msg_data;
-CREDENTIALS *cred;
-Key_schedule schedule;
-struct sockaddr_in *laddr, *faddr;
-char *version;
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
-auth_data, filename, schedule, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst;
-struct sockaddr_in *faddr, *laddr;
-AUTH_DAT *auth_data;
-char *filename;
-Key_schedule schedule;
-char *version;
-.PP
-.ft B
-int krb_net_write(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.PP
-.ft B
-int krb_net_read(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.fi
-.SH DESCRIPTION
-.PP
-These functions,
-which are built on top of the core Kerberos library,
-provide a convenient means for client and server
-programs to send authentication messages
-to one another through network connections.
-The
-.I krb_sendauth
-function sends an authenticated ticket from the client program to
-the server program by writing the ticket to a network socket.
-The
-.I krb_recvauth
-function receives the ticket from the client by
-reading from a network socket.
-
-.SH KRB_SENDAUTH
-.PP
-This function writes the ticket to
-the network socket specified by the
-file descriptor
-.IR fd,
-returning KSUCCESS if the write proceeds successfully,
-and an error code if it does not.
-
-The
-.I ktext
-argument should point to an allocated KTEXT_ST structure.
-The
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments specify the server program's Kerberos principal name,
-instance, and realm.
-If you are writing a client that uses the local realm exclusively,
-you can set the
-.I realm
-argument to NULL.
-
-The
-.I version
-argument allows the client program to pass an application-specific
-version string that the server program can then match against
-its own version string.
-The
-.I version
-string can be up to KSEND_VNO_LEN (see
-.IR <krb.h> )
-characters in length.
-
-The
-.I checksum
-argument can be used to pass checksum information to the
-server program.
-The client program is responsible for specifying this information.
-This checksum information is difficult to corrupt because
-.I krb_sendauth
-passes it over the network in encrypted form.
-The
-.I checksum
-argument is passed as the checksum argument to
-.IR krb_mk_req .
-
-You can set
-.IR krb_sendauth's
-other arguments to NULL unless you want the
-client and server programs to mutually authenticate
-themselves.
-In the case of mutual authentication,
-the client authenticates itself to the server program,
-and demands that the server in turn authenticate itself to
-the client.
-
-.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
-.PP
-If you want mutual authentication,
-make sure that you read all pending data from the local socket
-before calling
-.IR krb_sendauth.
-Set
-.IR krb_sendauth's
-.I options
-argument to
-.BR KOPT_DO_MUTUAL
-(this macro is defined in the
-.IR krb.h
-file);
-make sure that the
-.I laddr
-argument points to
-the address of the local socket,
-and that
-.I faddr
-points to the foreign socket's network address.
-
-.I Krb_sendauth
-fills in the other arguments--
-.IR msg_data ,
-.IR cred ,
-and
-.IR schedule --before
-sending the ticket to the server program.
-You must, however, allocate space for these arguments
-before calling the function.
-
-.I Krb_sendauth
-supports two other options:
-.BR KOPT_DONT_MK_REQ,
-and
-.BR KOPT_DONT_CANON.
-If called with
-.I options
-set as KOPT_DONT_MK_REQ,
-.I krb_sendauth
-will not use the
-.I krb_mk_req
-function to retrieve the ticket from the Kerberos server.
-The
-.I ktext
-argument must point to an existing ticket and authenticator (such as
-would be created by
-.IR krb_mk_req ),
-and the
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments can be set to NULL.
-
-If called with
-.I options
-set as KOPT_DONT_CANON,
-.I krb_sendauth
-will not convert the service's instance to canonical form using
-.IR krb_get_phost (3).
-
-If you want to call
-.I krb_sendauth
-with a multiple
-.I options
-specification,
-construct
-.I options
-as a bitwise-OR of the options you want to specify.
-
-.SH KRB_RECVAUTH
-.PP
-The
-.I krb_recvauth
-function
-reads a ticket/authenticator pair from the socket pointed to by the
-.I fd
-argument.
-Set the
-.I options
-argument
-as a bitwise-OR of the options desired.
-Currently only KOPT_DO_MUTUAL is useful to the receiver.
-
-The
-.I ktext
-argument
-should point to an allocated KTEXT_ST structure.
-.I Krb_recvauth
-fills
-.I ktext
-with the
-ticket/authenticator pair read from
-.IR fd ,
-then passes it to
-.IR krb_rd_req .
-
-The
-.I service
-and
-.I inst
-arguments
-specify the expected service and instance for which the ticket was
-generated. They are also passed to
-.IR krb_rd_req.
-The
-.I inst
-argument may be set to "*" if the caller wishes
-.I krb_mk_req
-to fill in the instance used (note that there must be space in the
-.I inst
-argument to hold a full instance name, see
-.IR krb_mk_req (3)).
-
-The
-.I faddr
-argument
-should point to the address of the peer which is presenting the ticket.
-It is also passed to
-.IR krb_rd_req .
-
-If the client and server plan to mutually authenticate
-one another,
-the
-.I laddr
-argument
-should point to the local address of the file descriptor.
-Otherwise you can set this argument to NULL.
-
-The
-.I auth_data
-argument
-should point to an allocated AUTH_DAT area.
-It is passed to and filled in by
-.IR krb_rd_req .
-The checksum passed to the corresponding
-.I krb_sendauth
-is available as part of the filled-in AUTH_DAT area.
-
-The
-.I filename
-argument
-specifies the filename
-which the service program should use to obtain its service key.
-.I Krb_recvauth
-passes
-.I filename
-to the
-.I krb_rd_req
-function.
-If you set this argument to "",
-.I krb_rd_req
-looks for the service key in the file
-.IR /etc/srvtab.
-
-If the client and server are performing mutual authentication,
-the
-.I schedule
-argument
-should point to an allocated Key_schedule.
-Otherwise it is ignored and may be NULL.
-
-The
-.I version
-argument should point to a character array of at least KSEND_VNO_LEN
-characters. It is filled in with the version string passed by the client to
-.IR krb_sendauth.
-.PP
-.SH KRB_NET_WRITE AND KRB_NET_READ
-.PP
-The
-.I krb_net_write
-function
-emulates the write(2) system call, but guarantees that all data
-specified is written to
-.I fd
-before returning, unless an error condition occurs.
-.PP
-The
-.I krb_net_read
-function
-emulates the read(2) system call, but guarantees that the requested
-amount of data is read from
-.I fd
-before returning, unless an error condition occurs.
-.PP
-.SH BUGS
-.IR krb_sendauth,
-.IR krb_recvauth,
-.IR krb_net_write,
-and
-.IR krb_net_read
-will not work properly on sockets set to non-blocking I/O mode.
-
-.SH SEE ALSO
-
-krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
-
-.SH AUTHOR
-John T. Kohl, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1988, Massachusetts Instititute of Technology.
-For copying and distribution information,
-please see the file <mit-copyright.h>.
diff --git a/kerberosIV/krb/krb_set_tkt_string.3 b/kerberosIV/krb/krb_set_tkt_string.3
deleted file mode 100644
index 6e1f1def01e..00000000000
--- a/kerberosIV/krb/krb_set_tkt_string.3
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: krb_set_tkt_string.3,v 1.4 1998/02/25 15:51:27 art Exp $
-.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_set_tkt_string \- set Kerberos ticket cache file name
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-void krb_set_tkt_string(filename)
-char *filename;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_set_tkt_string
-sets the name of the file that holds the user's
-cache of Kerberos server tickets and associated session keys.
-.PP
-The string
-.I filename
-passed in is copied into local storage.
-Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
-copied in for use as the cache file name.
-.PP
-This routine should be called during initialization, before other
-Kerberos routines are called; otherwise the routines which fetch the
-ticket cache file name may be called and return an undesired ticket file
-name until this routine is called.
-.SH FILES
-.TP 20n
-/tmp/tkt[uid]
-default ticket file name, unless the environment variable KRBTKFILE is set.
-[uid] denotes the user's uid, in decimal.
-.SH SEE ALSO
-kerberos(3), setenv(3)
diff --git a/kerberosIV/krb/kuserok.3 b/kerberosIV/krb/kuserok.3
deleted file mode 100644
index 8a7ce4c7d83..00000000000
--- a/kerberosIV/krb/kuserok.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kuserok.3,v 1.5 1998/03/25 21:00:39 art Exp $
-.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kuserok \- Kerberos version of ruserok
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-kuserok(kdata, localuser)
-AUTH_DAT *auth_data;
-char *localuser;
-.fi
-.ft R
-.SH DESCRIPTION
-.I kuserok
-determines whether a Kerberos principal described by the structure
-.I auth_data
-is authorized to login as user
-.I localuser
-according to the authorization file
-("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
-1 (one) if not authorized.
-.PP
-If there is no account for
-.I localuser
-on the local machine, authorization is not granted.
-If there is no authorization file, and the Kerberos principal described
-by
-.I auth_data
-translates to
-.I localuser
-(using
-.IR krb_kntoln (3)),
-authorization is granted.
-If the authorization file
-can't be accessed, or the file is not owned by
-.IR localuser,
-authorization is denied. Otherwise, the file is searched for
-a matching principal name, instance, and realm. If a match is found,
-authorization is granted, else authorization is denied.
-.PP
-The file entries are in the format:
-.nf
-.in +5n
- name.instance@realm
-.in -5n
-.fi
-with one entry per line.
-.SH SEE ALSO
-kerberos(3), ruserok(3), krb_kntoln(3)
-.SH FILES
-.TP 20n
-~\fIlocaluser\fR/.klogin
-authorization list
diff --git a/kerberosIV/krb/kuserok.c b/kerberosIV/krb/kuserok.c
deleted file mode 100644
index 0888a83c20f..00000000000
--- a/kerberosIV/krb/kuserok.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* $OpenBSD: kuserok.c,v 1.6 1997/12/12 05:30:26 art Exp $ */
-/* $KTH: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-#define OK 0
-#define NOTOK 1
-#define MAX_USERNAME 10
-
-/*
- * Given a Kerberos principal and a local username, determine whether
- * user is authorized to login according to the authorization file
- * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if
- * not authorized.
- *
- * IMPORTANT CHANGE: To eliminate the need of making a distinction
- * between the 3 cases:
- *
- * 1. We can't verify that a .klogin file doesn't exist (no home dir).
- * 2. It's there but we aren't allowed to read it.
- * 3. We can read it and ~luser@LOCALREALM is (not) included.
- *
- * We instead make the assumption that luser@LOCALREALM is *always*
- * included. Thus it is impossible to have an empty .klogin file and
- * also to exclude luser@LOCALREALM from it. Root is treated differently
- * since it's home should always be available.
- *
- * OLD STRATEGY:
- * If there is no account for "luser" on the local machine, returns
- * NOTOK. If there is no authorization file, and the given Kerberos
- * name "kdata" translates to the same name as "luser" (using
- * krb_kntoln()), returns OK. Otherwise, if the authorization file
- * can't be accessed, returns NOTOK. Otherwise, the file is read for
- * a matching principal name, instance, and realm. If one is found,
- * returns OK, if none is found, returns NOTOK.
- *
- * The file entries are in the format:
- *
- * name.instance@realm
- *
- * one entry per line.
- *
- */
-
-int
-krb_kuserok(char *name, char *instance, char *realm, char *luser)
-{
- struct passwd *pwd;
- char lrealm[REALM_SZ];
- FILE *f;
- char line[1024];
- char file[MAXPATHLEN];
- struct stat st;
-
- if (luser == NULL)
- return NOTOK;
-
- pwd = getpwnam(luser);
- if(pwd == NULL)
- return NOTOK;
-
- if(krb_get_lrealm(lrealm, 1))
- return NOTOK;
-
- if(pwd->pw_uid != 0 &&
- strcmp(name, luser) == 0 &&
- strcmp(instance, "") == 0 &&
- strcmp(realm, lrealm) == 0)
- return OK;
-
- snprintf(file, sizeof(file), "%s/.klogin", pwd->pw_dir);
-
- f = fopen(file, "r");
- if(f == NULL)
- return NOTOK;
-
- /* this is not a working test in filesystems like AFS and DFS */
- if(fstat(fileno(f), &st) < 0){
- fclose(f);
- return NOTOK;
- }
-
- if(st.st_uid != pwd->pw_uid){
- fclose(f);
- return NOTOK;
- }
-
- while(fgets(line, sizeof(line), f)){
- char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ];
- if(line[strlen(line) - 1] != '\n')
- /* read till end of line */
- while(1){
- int c = fgetc(f);
- if(c == '\n' || c == EOF)
- break;
- }
- else
- line[strlen(line) - 1] = 0;
-
- if(kname_parse(fname, finst, frealm, line))
- continue;
- if(strcmp(name, fname))
- continue;
- if(strcmp(instance, finst))
- continue;
- if(frealm[0] == 0)
- {
- strncpy(frealm, lrealm, REALM_SZ);
- frealm[REALM_SZ-1] = '\0';
- }
- if(strcmp(realm, frealm))
- continue;
- fclose(f);
- return OK;
- }
- fclose(f);
- return NOTOK;
-}
-
-/* compatibility interface */
-
-int
-kuserok(AUTH_DAT *auth, char *luser)
-{
- return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser);
-}
-
diff --git a/kerberosIV/krb/lifetime.c b/kerberosIV/krb/lifetime.c
deleted file mode 100644
index 3a02f1a4a01..00000000000
--- a/kerberosIV/krb/lifetime.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* $OpenBSD: lifetime.c,v 1.4 1997/12/09 07:57:26 art Exp $ */
-/* $KTH: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $ */
-
-/*
- * Ticket lifetime. This defines the table used to lookup lifetime
- * for the fixed part of rande of the one byte lifetime field. Values
- * less than 0x80 are intrpreted as the number of 5 minute intervals.
- * Values from 0x80 to 0xBF should be looked up in this table. The
- * value of 0x80 is the same using both methods: 10 and two-thirds
- * hours . The lifetime of 0xBF is 30 days. The intervening values
- * of have a fixed ratio of roughly 1.06914. The value 0xFF is
- * defined to mean a ticket has no expiration time. This should be
- * used advisedly since individual servers may impose defacto
- * upperbounds on ticket lifetimes.
- */
-
-#include "krb_locl.h"
-
-/* If you want to disable this feature */
-int krb_no_long_lifetimes = 0;
-
-#define TKTLIFENUMFIXED 64
-#define TKTLIFEMINFIXED 0x80
-#define TKTLIFEMAXFIXED 0xBF
-#define TKTLIFENOEXPIRE 0xFF
-#define MAXTKTLIFETIME (30*24*3600) /* 30 days */
-#ifndef NEVERDATE
-#define NEVERDATE ((unsigned long)0x7fffffffL)
-#endif
-
-static const int tkt_lifetimes[TKTLIFENUMFIXED] = {
- 38400, /* 10.67 hours, 0.44 days */
- 41055, /* 11.40 hours, 0.48 days */
- 43894, /* 12.19 hours, 0.51 days */
- 46929, /* 13.04 hours, 0.54 days */
- 50174, /* 13.94 hours, 0.58 days */
- 53643, /* 14.90 hours, 0.62 days */
- 57352, /* 15.93 hours, 0.66 days */
- 61318, /* 17.03 hours, 0.71 days */
- 65558, /* 18.21 hours, 0.76 days */
- 70091, /* 19.47 hours, 0.81 days */
- 74937, /* 20.82 hours, 0.87 days */
- 80119, /* 22.26 hours, 0.93 days */
- 85658, /* 23.79 hours, 0.99 days */
- 91581, /* 25.44 hours, 1.06 days */
- 97914, /* 27.20 hours, 1.13 days */
- 104684, /* 29.08 hours, 1.21 days */
- 111922, /* 31.09 hours, 1.30 days */
- 119661, /* 33.24 hours, 1.38 days */
- 127935, /* 35.54 hours, 1.48 days */
- 136781, /* 37.99 hours, 1.58 days */
- 146239, /* 40.62 hours, 1.69 days */
- 156350, /* 43.43 hours, 1.81 days */
- 167161, /* 46.43 hours, 1.93 days */
- 178720, /* 49.64 hours, 2.07 days */
- 191077, /* 53.08 hours, 2.21 days */
- 204289, /* 56.75 hours, 2.36 days */
- 218415, /* 60.67 hours, 2.53 days */
- 233517, /* 64.87 hours, 2.70 days */
- 249664, /* 69.35 hours, 2.89 days */
- 266926, /* 74.15 hours, 3.09 days */
- 285383, /* 79.27 hours, 3.30 days */
- 305116, /* 84.75 hours, 3.53 days */
- 326213, /* 90.61 hours, 3.78 days */
- 348769, /* 96.88 hours, 4.04 days */
- 372885, /* 103.58 hours, 4.32 days */
- 398668, /* 110.74 hours, 4.61 days */
- 426234, /* 118.40 hours, 4.93 days */
- 455705, /* 126.58 hours, 5.27 days */
- 487215, /* 135.34 hours, 5.64 days */
- 520904, /* 144.70 hours, 6.03 days */
- 556921, /* 154.70 hours, 6.45 days */
- 595430, /* 165.40 hours, 6.89 days */
- 636601, /* 176.83 hours, 7.37 days */
- 680618, /* 189.06 hours, 7.88 days */
- 727680, /* 202.13 hours, 8.42 days */
- 777995, /* 216.11 hours, 9.00 days */
- 831789, /* 231.05 hours, 9.63 days */
- 889303, /* 247.03 hours, 10.29 days */
- 950794, /* 264.11 hours, 11.00 days */
- 1016537, /* 282.37 hours, 11.77 days */
- 1086825, /* 301.90 hours, 12.58 days */
- 1161973, /* 322.77 hours, 13.45 days */
- 1242318, /* 345.09 hours, 14.38 days */
- 1328218, /* 368.95 hours, 15.37 days */
- 1420057, /* 394.46 hours, 16.44 days */
- 1518247, /* 421.74 hours, 17.57 days */
- 1623226, /* 450.90 hours, 18.79 days */
- 1735464, /* 482.07 hours, 20.09 days */
- 1855462, /* 515.41 hours, 21.48 days */
- 1983758, /* 551.04 hours, 22.96 days */
- 2120925, /* 589.15 hours, 24.55 days */
- 2267576, /* 629.88 hours, 26.25 days */
- 2424367, /* 673.44 hours, 28.06 days */
- 2592000}; /* 720.00 hours, 30.00 days */
-
-/*
- * krb_life_to_time - takes a start time and a Kerberos standard
- * lifetime char and returns the corresponding end time. There are
- * four simple cases to be handled. The first is a life of 0xff,
- * meaning no expiration, and results in an end time of 0xffffffff.
- * The second is when life is less than the values covered by the
- * table. In this case, the end time is the start time plus the
- * number of 5 minute intervals specified by life. The third case
- * returns start plus the MAXTKTLIFETIME if life is greater than
- * TKTLIFEMAXFIXED. The last case, uses the life value (minus
- * TKTLIFEMINFIXED) as an index into the table to extract the lifetime
- * in seconds, which is added to start to produce the end time.
- */
-u_int32_t
-krb_life_to_time(u_int32_t start, int life_)
-{
- unsigned char life = (unsigned char) life_;
-
- if (krb_no_long_lifetimes) return start + life*5*60;
-
- if (life == TKTLIFENOEXPIRE) return NEVERDATE;
- if (life < TKTLIFEMINFIXED) return start + life*5*60;
- if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME;
- return start + tkt_lifetimes[life - TKTLIFEMINFIXED];
-}
-
-/*
- * krb_time_to_life - takes start and end times for the ticket and
- * returns a Kerberos standard lifetime char, possibily using the
- * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the
- * special case of (end == NEVERDATE) is handled to mean no
- * expiration. Then negative lifetimes and those greater than the
- * maximum ticket lifetime are rejected. Then lifetimes less than the
- * first table entry are handled by rounding the requested lifetime
- * *up* to the next 5 minute interval. The final step is to search
- * the table for the smallest entry *greater than or equal* to the
- * requested entry.
- */
-int krb_time_to_life(u_int32_t start, u_int32_t end)
-{
- int i;
- long lifetime = end - start;
-
- if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60);
-
- if (end >= NEVERDATE) return TKTLIFENOEXPIRE;
- if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0;
- if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60);
- for (i=0; i<TKTLIFENUMFIXED; i++) {
- if (lifetime <= tkt_lifetimes[i]) {
- return i+TKTLIFEMINFIXED;
- }
- }
- return 0;
-}
-
-char *
-krb_life_to_atime(int life)
-{
- static char atime[11+1+2+1+2+1+2+1];
- unsigned long when;
- int secs, mins, hours;
-
- if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes)
- return("Forever");
- when = krb_life_to_time(0, life);
- secs = when%60;
- when /= 60;
- mins = when%60;
- when /= 60;
- hours = when%24;
- when /= 24;
- snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs);
- return(atime);
-}
-
-int
-krb_atime_to_life(char *atime)
-{
- unsigned long when = 0;
- char *cp;
- int colon = 0, plus = 0;
- int n = 0;
-
- if (atime == NULL)
- return 0;
-
- if (strcasecmp(atime, "forever") == 0)
- return(TKTLIFENOEXPIRE);
-
- for (cp=atime; *cp; cp++) {
- switch(*cp) {
- case '0': case '1': case '2': case '3': case '4':
- case '5': case '6': case '7': case '8': case '9':
- n = n*10 + *cp-'0';
- break;
- case '+':
- plus++;
- when += n;
- when *= 24;
- n = 0;
- break;
- case ':':
- colon++;
- when += n;
- when *= 60;
- n = 0;
- break;
- default:
- break;
- }
- }
- when += n;
- if (plus == 0 && colon == 0)
- return((unsigned char)when);
- while (colon < 2) {
- when *= 60;
- colon++;
- }
- return(krb_time_to_life(0,when));
-}
diff --git a/kerberosIV/krb/logging.c b/kerberosIV/krb/logging.c
deleted file mode 100644
index 68ad7074d8d..00000000000
--- a/kerberosIV/krb/logging.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/* $OpenBSD: logging.c,v 1.2 1997/12/09 07:57:27 art Exp $ */
-/* $KTH: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-#include <klog.h>
-
-struct krb_log_facility {
- char filename[MAXPATHLEN];
- FILE *file;
- krb_log_func_t func;
-};
-
-int
-krb_vlogger(struct krb_log_facility *f, const char *format, va_list args)
-{
- FILE *file = NULL;
- int ret;
-
- if (f->file != NULL)
- file = f->file;
- else if (f->filename && f->filename[0])
- file = fopen(f->filename, "a");
-
- ret = f->func(file, format, args);
-
- if (file != f->file)
- fclose(file);
- return ret;
-}
-
-int
-krb_logger(struct krb_log_facility *f, const char *format, ...)
-{
- va_list args;
- int ret;
- va_start(args, format);
- ret = krb_vlogger(f, format, args);
- va_end(args);
- return ret;
-}
-
-/*
- * If FILE * is given log to it, otherwise, log to filename. When
- * given a file name the file is opened and closed for each log
- * record.
- */
-int
-krb_openlog(struct krb_log_facility *f,
- char *filename,
- FILE *file,
- krb_log_func_t func)
-{
- if (f == NULL)
- return KFAILURE;
- strncpy(f->filename, filename, MAXPATHLEN);
- f->filename[MAXPATHLEN-1] = '\0';
- f->file = file;
- f->func = func;
- return KSUCCESS;
-}
-
-/* ------------------------------------------------------------
- Compatibility functions from warning.c
- ------------------------------------------------------------ */
-
-static int
-log_tty(FILE *f, const char *format, va_list args)
-{
- if (f != NULL && isatty(fileno(f)))
- vfprintf(f, format, args);
- return KSUCCESS;
-}
-
-/* stderr */
-static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty };
-
-static void
-init_std_log ()
-{
- static int done = 0;
-
- if (!done) {
- std_log.file = stderr;
- done = 1;
- }
-}
-
-/*
- *
- */
-void
-krb_set_warnfn (krb_warnfn_t newfunc)
-{
- init_std_log ();
- std_log.func = newfunc;
-}
-
-/*
- *
- */
-krb_warnfn_t
-krb_get_warnfn (void)
-{
- init_std_log ();
- return std_log.func;
-}
-
-/*
- * Log warnings to stderr if it's a tty.
- */
-void
-krb_warning (const char *format, ...)
-{
- va_list args;
-
- init_std_log ();
- va_start(args, format);
- krb_vlogger(&std_log, format, args);
- va_end(args);
-}
-
-/* ------------------------------------------------------------
- Compatibility functions from klog.c and log.c
- ------------------------------------------------------------ */
-
-/*
- * Used by kerberos and kadmind daemons and in libkrb (rd_req.c).
- *
- * By default they log to the kerberos server log-file (KRBLOG) to be
- * backwards compatible.
- */
-
-static int
-log_with_timestamp_and_nl(FILE *file, const char *format, va_list args)
-{
- time_t now;
- if(file == NULL)
- return KFAILURE;
- time(&now);
- fputs(krb_stime(&now), file);
- fputs(": ", file);
- vfprintf(file, format, args);
- fputs("\n", file);
- fflush(file);
- return KSUCCESS;
-}
-
-static struct krb_log_facility
-file_log = { KRBLOG, NULL, log_with_timestamp_and_nl };
-
-/*
- * kset_logfile() changes the name of the file to which
- * messages are logged. If kset_logfile() is not called,
- * the logfile defaults to KRBLOG, defined in "krb.h".
- */
-
-void
-kset_logfile(char *filename)
-{
- krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl);
-}
-
-/*
- * krb_log() and klog() is used to add entries to the logfile.
- *
- * The log entry consists of a timestamp and the given arguments
- * printed according to the given "format" string.
- *
- * The log file is opened and closed for each log entry.
- *
- * If the given log type "type" is unknown, or if the log file
- * cannot be opened, no entry is made to the log file.
- *
- * CHANGE: the type is always ignored
- *
- * The return value of klog() is always a pointer to the formatted log
- * text string "logtxt".
- */
-
-/* Used in kerberos.c only. */
-char *
-klog(int type, const char *format, ...)
-{
- static char logtxt[1024];
-
- va_list ap;
-
- va_start(ap, format);
- vsnprintf(logtxt, sizeof(logtxt), format, ap);
- va_end(ap);
-
- krb_logger(&file_log, "%s", logtxt);
-
- return logtxt;
-}
-
-/* Used in kadmind and rd_req.c */
-void
-krb_log(const char *format, ...)
-{
- va_list args;
-
- va_start(args, format);
- krb_vlogger(&file_log, format, args);
- va_end(args);
-}
diff --git a/kerberosIV/krb/lsb_addr_comp.c b/kerberosIV/krb/lsb_addr_comp.c
deleted file mode 100644
index 81930cf5d40..00000000000
--- a/kerberosIV/krb/lsb_addr_comp.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* $OpenBSD: lsb_addr_comp.c,v 1.4 1998/07/07 19:06:58 art Exp $ */
-/* $KTH: lsb_addr_comp.c,v 1.14 1998/05/26 20:37:32 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-#include "krb-archaeology.h"
-
-int
-krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y)
-{
- int i;
- u_int32_t a = 0, b = 0;
- u_int8_t *p = (u_int8_t*) &x;
- u_int8_t *q = (u_int8_t*) &y;
-
- for(i = sizeof(u_int32_t) - 1; i >= 0; i--){
- a = (a << 8) | p[i];
- b = (b << 8) | q[i];
- }
- if(a > b)
- return 1;
- if(a < b)
- return -1;
- return 0;
-}
-
-int
-krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y)
-{
- int i;
- u_int16_t a = 0, b = 0;
- u_int8_t *p = (u_int8_t*) &x;
- u_int8_t *q = (u_int8_t*) &y;
-
- for(i = sizeof(u_int16_t) - 1; i >= 0; i--){
- a = (a << 8) | p[i];
- b = (b << 8) | q[i];
- }
- if(a > b)
- return 1;
- if(a < b)
- return -1;
- return 0;
-}
-
-u_int32_t
-lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)
-{
- int dir = 1;
- const char *fw;
-
- /*
- * direction bit is the sign bit of the timestamp. Ok until
- * 2038??
- */
- if(krb_debug) {
- krb_warning("lsb_time: src = %s:%u\n",
- inet_ntoa(src->sin_addr), ntohs(src->sin_port));
- krb_warning("lsb_time: dst = %s:%u\n",
- inet_ntoa(dst->sin_addr), ntohs(dst->sin_port));
- }
-
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */
- dst->sin_addr.s_addr) < 0)
- dir = -1;
- else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
- dst->sin_addr.s_addr)==0)
- if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)
- dir = -1;
- /*
- * all that for one tiny bit! Heaven help those that talk to
- * themselves.
- */
- if(krb_get_config_bool("reverse_lsb_test")) {
- if(krb_debug)
- krb_warning("lsb_time: reversing direction: %d -> %d\n", dir, -dir);
- dir = -dir;
- }else if((fw = krb_get_config_string("firewall_address"))) {
- struct in_addr fw_addr;
- fw_addr.s_addr = inet_addr(fw);
- if(fw_addr.s_addr != INADDR_NONE) {
- int a, b, c;
- krb_warning("lsb_time: fw = %s\n", inet_ntoa(fw_addr));
- /* negate if src < dst and firewall is outside the
- [src,dst] interval */
- a = (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
- dst->sin_addr.s_addr) == -1);
- b = (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
- fw_addr.s_addr) == 1);
- c = (krb_lsb_antinet_ulong_less(fw_addr.s_addr,
- dst->sin_addr.s_addr) == 1);
- if(a && (b || c)) {
- if(krb_debug)
- krb_warning("lsb_time: reversing direction: %d -> %d\n",
- dir, -dir);
- dir = -dir;
- }
- }
- }
- t = t * dir;
- t = t & 0xffffffff;
- return t;
-}
diff --git a/kerberosIV/krb/mk_auth.c b/kerberosIV/krb/mk_auth.c
deleted file mode 100644
index 196e085e782..00000000000
--- a/kerberosIV/krb/mk_auth.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* $OpenBSD: mk_auth.c,v 1.2 1997/12/09 07:57:28 art Exp $ */
-/* $KTH: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * Generate an authenticator for service.instance@realm.
- * instance is canonicalized by `krb_get_phost'
- * realm is set to the local realm if realm == NULL
- * The ticket acquired by `krb_mk_req' is returned in `ticket' and the
- * authenticator in `buf'.
- * Options control the behaviour (see krb_sendauth).
- */
-
-int
-krb_mk_auth(int32_t options,
- KTEXT ticket,
- char *service,
- char *instance,
- char *realm,
- u_int32_t checksum,
- char *version,
- KTEXT buf)
-{
- char realinst[INST_SZ];
- char realrealm[REALM_SZ];
- int ret;
- unsigned char *p;
- char *tmp;
-
- if (options & KOPT_DONT_CANON)
- tmp = instance;
- else
- tmp = krb_get_phost (instance);
-
- strncpy(realinst, tmp, sizeof(realinst));
- realinst[sizeof(realinst) - 1] = '\0';
-
- if (realm == NULL) {
- ret = krb_get_lrealm (realrealm, 1);
- if (ret != KSUCCESS)
- return ret;
- realm = realrealm;
- }
-
- if(!(options & KOPT_DONT_MK_REQ)) {
- ret = krb_mk_req (ticket, service, realinst, realm, checksum);
- if (ret != KSUCCESS)
- return ret;
- }
-
- p = buf->dat;
-
- memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- p += KRB_SENDAUTH_VLEN;
- memcpy (p, version, KRB_SENDAUTH_VLEN);
- p += KRB_SENDAUTH_VLEN;
- p += krb_put_int(ticket->length, p, 4);
- memcpy(p, ticket->dat, ticket->length);
- p += ticket->length;
- buf->length = p - buf->dat;
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/mk_err.c b/kerberosIV/krb/mk_err.c
deleted file mode 100644
index 3277a6712a7..00000000000
--- a/kerberosIV/krb/mk_err.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* $OpenBSD: mk_err.c,v 1.5 1998/02/25 15:51:29 art Exp $ */
-/* $KTH: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine creates a general purpose error reply message. It
- * doesn't use KTEXT because application protocol may have long
- * messages, and may want this part of buffer contiguous to other
- * stuff.
- *
- * The error reply is built in "p", using the error code "e" and
- * error text "e_string" given. The length of the error reply is
- * returned.
- *
- * The error reply is in the following format:
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_ERR message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte order
- * 4 bytes e given error code
- * string e_string given error text
- */
-
-int32_t
-krb_mk_err(u_char *p, int32_t e, char *e_string)
-{
- unsigned char *start = p;
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1);
-
- p += krb_put_int(e, p, 4);
- p += krb_put_string(e_string, p);
- return p - start;
-}
diff --git a/kerberosIV/krb/mk_priv.c b/kerberosIV/krb/mk_priv.c
deleted file mode 100644
index 3e4bf42bfed..00000000000
--- a/kerberosIV/krb/mk_priv.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* $OpenBSD: mk_priv.c,v 1.6 1998/05/18 00:53:51 art Exp $ */
-/* $KTH: mk_priv.c,v 1.20 1998/02/19 19:13:40 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* application include files */
-#include "krb-archaeology.h"
-
-/*
- * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes
- * some user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address.
- * The packet is encrypted by pcbc_encrypt(), using the given
- * "key" and "schedule".
- * The length of the resulting packet "out" is
- * returned.
- *
- * It is similar to krb_mk_safe() except for the additional key
- * schedule argument "schedule" and the fact that the data is encrypted
- * rather than appended with a checksum. The protocol version is
- * KRB_PROT_VERSION, defined in "krb.h".
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_PRIVATE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
- * 4 bytes c_length length of data
- * we encrypt from here with pcbc_encrypt
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * 0<=n<=7 bytes pad to 8 byte multiple zeroes
- */
-
-int32_t
-krb_mk_priv(void *in, void *out, u_int32_t length,
- struct des_ks_struct *schedule, des_cblock *key,
- struct sockaddr_in *sender, struct sockaddr_in *receiver)
-{
- unsigned char *p = (unsigned char*)out;
- unsigned char *cipher;
-
- struct timeval tv;
- u_int32_t src_addr;
- u_int32_t len;
-
- if (p == NULL)
- return 0;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_PRIVATE, p, 1);
-
- len = 4 + length + 1 + 4 + 4;
- len = (len + 7) & ~7;
- p += krb_put_int(len, p, 4);
-
- cipher = p;
-
- p += krb_put_int(length, p, 4);
-
- memcpy(p, in, length);
- p += length;
-
- krb_kdctimeofday(&tv);
-
- *p++ =tv.tv_usec / 5000;
-
- src_addr = sender->sin_addr.s_addr;
- p += krb_put_address(src_addr, p);
-
- p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
-
- memset(p, 0, 7);
-
- des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher,
- len, schedule, key, DES_ENCRYPT);
-
- return (cipher - (unsigned char*)out) + len;
-}
diff --git a/kerberosIV/krb/mk_req.c b/kerberosIV/krb/mk_req.c
deleted file mode 100644
index 7822732bf77..00000000000
--- a/kerberosIV/krb/mk_req.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* $OpenBSD: mk_req.c,v 1.5 1998/05/18 00:53:53 art Exp $ */
-/* $KTH: mk_req.c,v 1.19 1998/02/19 19:13:51 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static int lifetime = 255; /* But no longer than TGT says. */
-
-
-static void
-build_request(KTEXT req, char *name, char *inst, char *realm,
- u_int32_t checksum)
-{
- struct timeval tv;
- unsigned char *p = req->dat;
-
- p += krb_put_nir(name, inst, realm, p);
-
- p += krb_put_int(checksum, p, 4);
-
-
- /* Fill in the times on the request id */
- krb_kdctimeofday(&tv);
-
- *p++ = tv.tv_usec / 5000; /* 5ms */
-
- p += krb_put_int(tv.tv_sec, p, 4);
-
- /* Fill to a multiple of 8 bytes for DES */
- req->length = ((p - req->dat + 7)/8) * 8;
-}
-
-
-/*
- * krb_mk_req takes a text structure in which an authenticator is to
- * be built, the name of a service, an instance, a realm,
- * and a checksum. It then retrieves a ticket for
- * the desired service and creates an authenticator in the text
- * structure passed as the first argument. krb_mk_req returns
- * KSUCCESS on success and a Kerberos error code on failure.
- *
- * The peer procedure on the other end is krb_rd_req. When making
- * any changes to this routine it is important to make corresponding
- * changes to krb_rd_req.
- *
- * The authenticator consists of the following:
- *
- * authent->dat
- *
- * unsigned char KRB_PROT_VERSION protocol version no.
- * unsigned char AUTH_MSG_APPL_REQUEST message type
- * (least significant
- * bit of above) HOST_BYTE_ORDER local byte ordering
- * unsigned char kvno from ticket server's key version
- * string realm server's realm
- * unsigned char tl ticket length
- * unsigned char idl request id length
- * text ticket->dat ticket for server
- * text req_id->dat request id
- *
- * The ticket information is retrieved from the ticket cache or
- * fetched from Kerberos. The request id (called the "authenticator"
- * in the papers on Kerberos) contains the following:
- *
- * req_id->dat
- *
- * string cr.pname {name, instance, and
- * string cr.pinst realm of principal
- * string myrealm making this request}
- * 4 bytes checksum checksum argument given
- * unsigned char tv_local.tf_usec time (milliseconds)
- * 4 bytes tv_local.tv_sec time (seconds)
- *
- * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time,
- * all rounded up to multiple of 8.
- */
-
-int
-krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
- int32_t checksum)
-{
- KTEXT_ST req_st;
- KTEXT req_id = &req_st;
-
- CREDENTIALS cr; /* Credentials used by retr */
- KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */
- int retval; /* Returned by krb_get_cred */
-
- char myrealm[REALM_SZ];
-
- unsigned char *p = authent->dat;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
-
- p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1);
-
- /* Get the ticket and move it into the authenticator */
- if (krb_ap_req_debug)
- krb_warning("Realm: %s\n", realm);
-
- retval = krb_get_cred(service,instance,realm,&cr);
-
- if (retval == RET_NOTKT) {
- retval = get_ad_tkt(service, instance, realm, lifetime);
- if (retval == KSUCCESS)
- retval = krb_get_cred(service, instance, realm, &cr);
- }
-
- if (retval != KSUCCESS)
- return retval;
-
-
- /*
- * With multi realm ticket files either find a matching TGT or
- * else use the first TGT for inter-realm authentication.
- *
- * In myrealm hold the realm of the principal "owning" the
- * corresponding ticket-granting-ticket.
- */
-
- retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
- if (retval == KSUCCESS) {
- strncpy(myrealm, realm, REALM_SZ);
- myrealm[REALM_SZ - 1] = '\0';
- } else
- retval = krb_get_tf_realm(TKT_FILE, myrealm);
-
- if (retval != KSUCCESS)
- return retval;
-
- if (krb_ap_req_debug)
- krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
- cr.pname, cr.pinst, myrealm);
-
- p += krb_put_int(cr.kvno, p, 1);
-
- p += krb_put_string(realm, p);
-
- p += krb_put_int(ticket->length, p, 1);
-
- build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
-
- encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
-
- p += krb_put_int(req_id->length, p, 1);
-
- memcpy(p, ticket->dat, ticket->length);
-
- p += ticket->length;
-
- memcpy(p, req_id->dat, req_id->length);
-
- p += req_id->length;
-
- authent->length = p - authent->dat;
-
- memset(&cr, 0, sizeof(cr));
- memset(&req_st, 0, sizeof(req_st));
-
- if (krb_ap_req_debug)
- krb_warning("Authent->length = %d\n", authent->length);
-
- return KSUCCESS;
-}
-
-/*
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- *
- * It returns the previous value of the default lifetime.
- */
-
-int
-krb_set_lifetime(int newval)
-{
- int olife = lifetime;
-
- lifetime = newval;
- return(olife);
-}
diff --git a/kerberosIV/krb/mk_safe.c b/kerberosIV/krb/mk_safe.c
deleted file mode 100644
index e0691faefe6..00000000000
--- a/kerberosIV/krb/mk_safe.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* $OpenBSD: mk_safe.c,v 1.6 1998/05/18 00:53:54 art Exp $ */
-/* $KTH: mk_safe.c,v 1.23 1998/02/19 19:14:02 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* application include files */
-#include "krb-archaeology.h"
-
-
-/* from rd_safe.c */
-extern int dqc_type;
-void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int);
-
-/*
- * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
- * user data "in" of "length" bytes and creates a packet in "out"
- * consisting of the user data, a timestamp, and the sender's network
- * address, followed by a checksum computed on the above, using the
- * given "key". The length of the resulting packet is returned.
- *
- * The "out" packet consists of:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 1 byte KRB_PROT_VERSION protocol version number
- * 1 byte AUTH_MSG_SAFE | message type plus local
- * HOST_BYTE_ORDER byte order in low bit
- *
- * ===================== begin checksum ================================
- *
- * 4 bytes length length of user data
- * length in user data
- * 1 byte msg_time_5ms timestamp milliseconds
- * 4 bytes sender->sin.addr.s_addr sender's IP address
- *
- * 4 bytes msg_time_sec or timestamp seconds with
- * -msg_time_sec direction in sign bit
- *
- * ======================= end checksum ================================
- *
- * 16 bytes big_cksum quadratic checksum of
- * above using "key"
- */
-
-int32_t
-krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key,
- struct sockaddr_in *sender, struct sockaddr_in *receiver)
-{
- unsigned char * p = (unsigned char*)out;
- struct timeval tv;
- unsigned char *start;
- u_int32_t src_addr;
-
- if (p == NULL)
- return 0;
-
- p += krb_put_int(KRB_PROT_VERSION, p, 1);
- p += krb_put_int(AUTH_MSG_SAFE, p, 1);
-
- start = p;
-
- p += krb_put_int(length, p, 4);
-
- memcpy(p, in, length);
- p += length;
-
- krb_kdctimeofday(&tv);
-
- *p++ = tv.tv_usec/5000; /* 5ms */
-
- src_addr = sender->sin_addr.s_addr;
- p += krb_put_address(src_addr, p);
-
- p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
-
- {
- /* We are faking big endian mode, so we need to fix the
- * checksum (that is byte order dependent). We always send a
- * checksum of the new type, unless we know that we are
- * talking to an old client (this requires a call to
- * krb_rd_safe first).
- */
- unsigned char new_checksum[16];
- unsigned char old_checksum[16];
- fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0);
-
- if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) ||
- dqc_type == DES_QUAD_OLD)
- memcpy(p, old_checksum, 16);
- else
- memcpy(p, new_checksum, 16);
- }
- p += 16;
-
- return p - (unsigned char*)out;
-}
diff --git a/kerberosIV/krb/month_sname.c b/kerberosIV/krb/month_sname.c
deleted file mode 100644
index 2c24a6f65a5..00000000000
--- a/kerberosIV/krb/month_sname.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/* $OpenBSD: month_sname.c,v 1.5 1998/02/25 15:51:30 art Exp $ */
-/* $KTH: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * Given an integer 1-12, month_sname() returns a string
- * containing the first three letters of the corresponding
- * month. Returns 0 if the argument is out of range.
- */
-
-const char *month_sname(int n)
-{
- static const char *name[] = {
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
- };
- return((n < 1 || n > 12) ? 0 : name [n-1]);
-}
diff --git a/kerberosIV/krb/name2name.c b/kerberosIV/krb/name2name.c
deleted file mode 100644
index 3a3b1055d56..00000000000
--- a/kerberosIV/krb/name2name.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* $OpenBSD: name2name.c,v 1.3 1998/05/18 00:53:55 art Exp $ */
-/* $KTH: name2name.c,v 1.16 1998/01/19 15:28:38 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* convert host to a more fully qualified domain name, returns 0 if
- * phost is the same as host, 1 otherwise. phost should be
- * phost_size bytes long.
- */
-
-int
-krb_name_to_name(const char *host, char *phost, size_t phost_size)
-{
- struct hostent *hp;
- struct in_addr adr;
- const char *tmp;
-
- if (phost == NULL || phost_size == 0)
- return 1;
-
- adr.s_addr = inet_addr(host);
- if (adr.s_addr != INADDR_NONE)
- hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET);
- else
- hp = gethostbyname(host);
- if (hp == NULL)
- tmp = host;
- else
- tmp = hp->h_name;
- strncpy (phost, tmp, phost_size);
- phost[phost_size - 1] = '\0';
-
- if (strcmp(phost, host) == 0)
- return 0;
- else
- return 1;
-}
-
-/* lowercase and truncate */
-
-void
-k_ricercar(char *name)
-{
- char *p = name;
- while(*p && *p != '.'){
- if(isupper(*p))
- *p = tolower(*p);
- p++;
- }
- if(*p == '.')
- *p = 0;
-}
-
-/*
- * This routine takes an alias for a host name and returns the first
- * field, in lower case, of its domain name.
- *
- * Example: "fOo.BAR.com" -> "foo"
- */
-
-char *
-krb_get_phost(const char *alias)
-{
- static char phost[MAXHOSTNAMELEN];
-
- krb_name_to_name(alias, phost, sizeof(phost));
- k_ricercar(phost);
- return phost;
-}
diff --git a/kerberosIV/krb/netread.c b/kerberosIV/krb/netread.c
deleted file mode 100644
index 17b0c36a6b7..00000000000
--- a/kerberosIV/krb/netread.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* $OpenBSD: netread.c,v 1.5 1998/02/25 15:51:32 art Exp $ */
-/* $KTH: netread.c,v 1.7 1997/06/19 23:56:44 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * krb_net_read() reads from the file descriptor "fd" to the buffer
- * "buf", until either 1) "len" bytes have been read or 2) cannot
- * read anymore from "fd". It returns the number of bytes read
- * or a read() error. (The calling interface is identical to
- * read(2).)
- *
- * XXX must not use non-blocking I/O
- */
-
-int
-krb_net_read (int fd, void *v, size_t len)
-{
- int cc, len2 = 0;
- char *buf = v;
-
- if (buf == NULL)
- return -1;
-
- do {
- cc = read(fd, buf, len);
- if (cc < 0)
- return(cc); /* errno is already set */
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
- } while (len > 0);
- return(len2);
-}
diff --git a/kerberosIV/krb/netwrite.c b/kerberosIV/krb/netwrite.c
deleted file mode 100644
index bfcd45b2b9d..00000000000
--- a/kerberosIV/krb/netwrite.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* $OpenBSD: netwrite.c,v 1.5 1998/02/25 15:51:33 art Exp $ */
-/* $KTH: netwrite.c,v 1.8 1997/06/19 23:56:25 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * krb_net_write() writes "len" bytes from "buf" to the file
- * descriptor "fd". It returns the number of bytes written or
- * a write() error. (The calling interface is identical to
- * write(2).)
- *
- * XXX must not use non-blocking I/O
- */
-
-int
-krb_net_write(int fd, const void *v, size_t len)
-{
- int cc;
- int wrlen = len;
- const char *buf = (const char*)v;
-
- if (buf == NULL)
- return -1;
-
- do {
- cc = write(fd, buf, wrlen);
- if (cc < 0)
- return(cc);
- else {
- buf += cc;
- wrlen -= cc;
- }
- } while (wrlen > 0);
- return(len);
-}
diff --git a/kerberosIV/krb/one.c b/kerberosIV/krb/one.c
deleted file mode 100644
index 56c8d047b8c..00000000000
--- a/kerberosIV/krb/one.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* $OpenBSD: one.c,v 1.5 1998/02/25 15:51:34 art Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * definition of variable set to 1.
- * used in krb_conf.h to determine host byte order.
- */
-
-int krbONE = 1;
diff --git a/kerberosIV/krb/parse_name.c b/kerberosIV/krb/parse_name.c
deleted file mode 100644
index 6c7f3366f66..00000000000
--- a/kerberosIV/krb/parse_name.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* $OpenBSD: parse_name.c,v 1.2 1997/12/09 07:57:33 art Exp $ */
-/* $KTH: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-int
-krb_parse_name(const char *fullname, krb_principal *principal)
-{
- const char *p;
- char *ns, *np;
- enum {n, i, r} pos = n;
- int quote = 0;
-
- if (principal == NULL)
- return KFAILURE;
-
- ns = np = principal->name;
-
- principal->name[0] = '\0';
- principal->instance[0] = '\0';
- principal->realm[0] = '\0';
-
- for(p = fullname; *p; p++){
- if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */
- return KNAME_FMT;
- if(quote){
- *np++ = *p;
- quote = 0;
- continue;
- }
- if(*p == '\\')
- quote = 1;
- else if(*p == '.' && pos == n){
- *np = 0;
- ns = np = principal->instance;
- pos = i;
- }else if(*p == '@' && (pos == n || pos == i)){
- *np = 0;
- ns = np = principal->realm;
- pos = r;
- }else
- *np++ = *p;
- }
- *np = 0;
- if(quote || principal->name[0] == '\0')
- return KNAME_FMT;
- return KSUCCESS;
-}
-
-int
-kname_parse(char *np, char *ip, char *rp, char *fullname)
-{
- krb_principal p;
- int ret;
- if((ret = krb_parse_name(fullname, &p)) == 0){
- strncpy(np, p.name, ANAME_SZ);
- np[ANAME_SZ-1] = '\0';
- strncpy(ip, p.instance, INST_SZ);
- ip[INST_SZ-1] = '\0';
- if(p.realm[0] != '\0'){
- strncpy(rp, p.realm, REALM_SZ);
- rp[REALM_SZ-1] = '\0';
- }
- }
- return ret;
-}
-/*
- * k_isname() returns 1 if the given name is a syntactically legitimate
- * Kerberos name; returns 0 if it's not.
- */
-
-int
-k_isname(char *s)
-{
- char c;
- int backslash = 0;
-
- if (s[0] == '\0')
- return 0;
- if (strlen(s) > ANAME_SZ - 1)
- return 0;
- while ((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
- return 0;
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-
-/*
- * k_isinst() returns 1 if the given name is a syntactically legitimate
- * Kerberos instance; returns 0 if it's not.
- */
-
-int
-k_isinst(char *s)
-{
- char c;
- int backslash = 0;
-
- if (strlen(s) > INST_SZ - 1)
- return 0;
- while ((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '.':
-#if INSTANCE_DOTS_OK
- break;
-#else /* INSTANCE_DOTS_OK */
- return 0;
-#endif /* INSTANCE_DOTS_OK */
- /* break; */
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
-
-/*
- * k_isrealm() returns 1 if the given name is a syntactically legitimate
- * Kerberos realm; returns 0 if it's not.
- */
-
-int
-k_isrealm(char *s)
-{
- char c;
- int backslash = 0;
-
- if (s[0] == '\0')
- return 0;
- if (strlen(s) > REALM_SZ - 1)
- return 0;
- while ((c = *s++)) {
- if (backslash) {
- backslash = 0;
- continue;
- }
- switch(c) {
- case '\\':
- backslash = 1;
- break;
- case '@':
- return 0;
- /* break; */
- }
- }
- return 1;
-}
diff --git a/kerberosIV/krb/rd_err.c b/kerberosIV/krb/rd_err.c
deleted file mode 100644
index 38508825873..00000000000
--- a/kerberosIV/krb/rd_err.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* $OpenBSD: rd_err.c,v 1.3 1997/12/09 07:57:33 art Exp $ */
-/* $KTH: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/*
- * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
- * return the error code from the message in "code" and the text in
- * "m_data" as follows:
- *
- * m_data->app_data points to the error text
- * m_data->app_length points to the length of the error text
- *
- * If all goes well, return RD_AP_OK. If the version number
- * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
- * type message, return RD_AP_MSG_TYPE.
- *
- * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
- */
-
-int
-krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)
-{
- unsigned char *p = (unsigned char*)in;
-
- unsigned char pvno, type;
- int little_endian;
-
- if (p == NULL)
- return KFAILURE;
-
- pvno = *p++;
- if(pvno != KRB_PROT_VERSION)
- return RD_AP_VERSION;
-
- type = *p++;
- little_endian = type & 1;
- type &= ~1;
-
- if(type != AUTH_MSG_APPL_ERR)
- return RD_AP_MSG_TYPE;
-
- p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian);
-
- m_data->app_data = p;
- m_data->app_length = in_length; /* XXX is this correct? */
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c
deleted file mode 100644
index 85ee4397ee4..00000000000
--- a/kerberosIV/krb/rd_priv.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* $OpenBSD: rd_priv.c,v 1.5 1997/12/12 05:30:28 art Exp $ */
-/* $KTH: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* application include files */
-#include "krb-archaeology.h"
-
-/*
- * krb_rd_priv() decrypts and checks the integrity of an
- * AUTH_MSG_PRIVATE message. Given the message received, "in",
- * the length of that message, "in_length", the key "schedule"
- * and "key", and the network addresses of the
- * "sender" and "receiver" of the message, krb_rd_safe() returns
- * RD_AP_OK if the message is okay, otherwise some error code.
- *
- * The message data retrieved from "in" are returned in the structure
- * "m_data". The pointer to the application data
- * (m_data->app_data) refers back to the appropriate place in "in".
- *
- * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-int32_t
-krb_rd_priv(void *in, u_int32_t in_length,
- struct des_ks_struct *schedule, des_cblock *key,
- struct sockaddr_in *sender, struct sockaddr_in *receiver,
- MSG_DAT *m_data)
-{
- unsigned char *p = (unsigned char*)in;
- int little_endian;
- u_int32_t clen;
- struct timeval tv;
- u_int32_t src_addr;
- int delta_t;
-
- unsigned char pvno, type;
-
- if (p == NULL)
- return KFAILURE;
-
- pvno = *p++;
- if(pvno != KRB_PROT_VERSION)
- return RD_AP_VERSION;
-
- type = *p++;
- little_endian = type & 1;
- type &= ~1;
-
- p += krb_get_int(p, &clen, 4, little_endian);
-
- if(clen + 2 > in_length)
- return RD_AP_MODIFIED;
-
- des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen,
- schedule, key, DES_DECRYPT);
-
- p += krb_get_int(p, &m_data->app_length, 4, little_endian);
- if(m_data->app_length + 17 > in_length)
- return RD_AP_MODIFIED;
-
- m_data->app_data = p;
- p += m_data->app_length;
-
- m_data->time_5ms = *p++;
-
- p += krb_get_address(p, &src_addr);
-
- if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
- return RD_AP_BADD;
-
- p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
-
- m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
-
- gettimeofday(&tv, NULL);
-
- /* check the time integrity of the msg */
- delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
- if (delta_t > CLOCK_SKEW)
- return RD_AP_TIME;
- if (krb_debug)
- krb_warning("\ndelta_t = %d", (int) delta_t);
-
- /*
- * caller must check timestamps for proper order and
- * replays, since server might have multiple clients
- * each with its own timestamps and we don't assume
- * tightly synchronized clocks.
- */
-
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c
deleted file mode 100644
index 2072c0519e1..00000000000
--- a/kerberosIV/krb/rd_req.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/* $OpenBSD: rd_req.c,v 1.5 1997/12/09 07:57:34 art Exp $ */
-/* $KTH: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static struct timeval t_local = { 0, 0 };
-
-/*
- * Keep the following information around for subsequent calls
- * to this routine by the same server using the same key.
- */
-
-static des_key_schedule serv_key; /* Key sched to decrypt ticket */
-static des_cblock ky; /* Initialization vector */
-static int st_kvno; /* version number for this key */
-static char st_rlm[REALM_SZ]; /* server's realm */
-static char st_nam[ANAME_SZ]; /* service name */
-static char st_inst[INST_SZ]; /* server's instance */
-
-/*
- * This file contains two functions. krb_set_key() takes a DES
- * key or password string and returns a DES key (either the original
- * key, or the password converted into a DES key) and a key schedule
- * for it.
- *
- * krb_rd_req() reads an authentication request and returns information
- * about the identity of the requestor, or an indication that the
- * identity information was not authentic.
- */
-
-/*
- * krb_set_key() takes as its first argument either a DES key or a
- * password string. The "cvt" argument indicates how the first
- * argument "key" is to be interpreted: if "cvt" is null, "key" is
- * taken to be a DES key; if "cvt" is non-null, "key" is taken to
- * be a password string, and is converted into a DES key using
- * string_to_key(). In either case, the resulting key is returned
- * in the external static variable "ky". A key schedule is
- * generated for "ky" and returned in the external static variable
- * "serv_key".
- *
- * This routine returns the return value of des_key_sched.
- *
- * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
- * the key set by krb_set_key() is available in private storage for
- * krb_rd_req().
- */
-
-int
-krb_set_key(void *key, int cvt)
-{
-#ifdef NOENCRYPTION
- memset(ky, 0, sizeof(ky));
- return KSUCCESS;
-#else /* Encrypt */
- if (cvt)
- des_string_to_key((char*)key, &ky);
- else
- memcpy((char*)ky, key, 8);
- return(des_key_sched(&ky, serv_key));
-#endif /* NOENCRYPTION */
-}
-
-
-/*
- * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
- * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
- * checks its integrity and returns a judgement as to the requestor's
- * identity.
- *
- * The "authent" argument is a pointer to the received message.
- * The "service" and "instance" arguments name the receiving server,
- * and are used to get the service's ticket to decrypt the ticket
- * in the message, and to compare against the server name inside the
- * ticket. "from_addr" is the network address of the host from which
- * the message was received; this is checked against the network
- * address in the ticket. If "from_addr" is zero, the check is not
- * performed. "ad" is an AUTH_DAT structure which is
- * filled in with information about the sender's identity according
- * to the authenticator and ticket sent in the message. Finally,
- * "fn" contains the name of the file containing the server's key.
- * (If "fn" is NULL, the server's key is assumed to have been set
- * by krb_set_key(). If "fn" is the null string ("") the default
- * file KEYFILE, defined in "krb.h", is used.)
- *
- * krb_rd_req() returns RD_AP_OK if the authentication information
- * was genuine, or one of the following error codes (defined in
- * "krb.h"):
- *
- * RD_AP_VERSION - wrong protocol version number
- * RD_AP_MSG_TYPE - wrong message type
- * RD_AP_UNDEC - couldn't decipher the message
- * RD_AP_INCON - inconsistencies found
- * RD_AP_BADD - wrong network address
- * RD_AP_TIME - client time (in authenticator)
- * too far off server time
- * RD_AP_NYV - Kerberos time (in ticket) too
- * far off server time
- * RD_AP_EXP - ticket expired
- *
- * For the message format, see krb_mk_req().
- *
- * Mutual authentication is not implemented.
- */
-
-int
-krb_rd_req(KTEXT authent, /* The received message */
- char *service, /* Service name */
- char *instance, /* Service instance */
- int32_t from_addr, /* Net address of originating host */
- AUTH_DAT *ad, /* Structure to be filled in */
- char *fn) /* Filename to get keys from */
-{
- static KTEXT_ST ticket; /* Temp storage for ticket */
- static KTEXT tkt = &ticket;
- static KTEXT_ST req_id_st; /* Temp storage for authenticator */
- KTEXT req_id = &req_id_st;
-
- char realm[REALM_SZ]; /* Realm of issuing kerberos */
-
- unsigned char skey[KKEY_SZ]; /* Session key from ticket */
- char sname[SNAME_SZ]; /* Service name from ticket */
- char iname[INST_SZ]; /* Instance name from ticket */
- char r_aname[ANAME_SZ]; /* Client name from authenticator */
- char r_inst[INST_SZ]; /* Client instance from authenticator */
- char r_realm[REALM_SZ]; /* Client realm from authenticator */
- u_int32_t r_time_sec; /* Coarse time from authenticator */
- unsigned long delta_t; /* Time in authenticator - local time */
- long tkt_age; /* Age of ticket */
- static unsigned char s_kvno;/* Version number of the server's key
- * Kerberos used to encrypt ticket */
-
- struct timeval tv;
- int status;
-
- int pvno;
- int type;
- int little_endian;
-
- unsigned char *p;
-
- if (authent->length <= 0)
- return(RD_AP_MODIFIED);
-
- p = authent->dat;
-
- /* get msg version, type and byte order, and server key version */
-
- pvno = *p++;
-
- if(pvno != KRB_PROT_VERSION)
- return RD_AP_VERSION;
-
- type = *p++;
-
- little_endian = type & 1;
- type &= ~1;
-
- if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL)
- return RD_AP_MSG_TYPE;
-
- s_kvno = *p++;
-
- p += krb_get_string(p, realm);
-
- /*
- * If "fn" is NULL, key info should already be set; don't
- * bother with ticket file. Otherwise, check to see if we
- * already have key info for the given server and key version
- * (saved in the static st_* variables). If not, go get it
- * from the ticket file. If "fn" is the null string, use the
- * default ticket file.
- */
- if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) ||
- strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
- if (*fn == 0) fn = KEYFILE;
- st_kvno = s_kvno;
- if (read_service_key(service, instance, realm, s_kvno,
- fn, (char *)skey))
- return(RD_AP_UNDEC);
- if ((status = krb_set_key((char*)skey, 0)))
- return(status);
- strncpy(st_rlm, realm, REALM_SZ);
- st_rlm[REALM_SZ-1] = '\0';
- strncpy(st_nam, service, SNAME_SZ);
- st_nam[SNAME_SZ-1] = '\0';
- strncpy(st_inst, instance, INST_SZ);
- st_inst[INST_SZ-1] = '\0';
- }
-
- tkt->length = *p++;
-
- req_id->length = *p++;
-
- if(tkt->length + (p - authent->dat) > authent->length)
- return RD_AP_MODIFIED;
-
- memcpy(tkt->dat, p, tkt->length);
- p += tkt->length;
-
- if (krb_ap_req_debug)
- krb_log("ticket->length: %d",tkt->length);
-
- /* Decrypt and take apart ticket */
- if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm,
- &ad->address, ad->session, &ad->life,
- &ad->time_sec, sname, iname, &ky, serv_key))
- return RD_AP_UNDEC;
-
- if (krb_ap_req_debug) {
- krb_log("Ticket Contents.");
- krb_log(" Aname: %s.%s",ad->pname, ad->prealm);
- krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL));
- }
-
- /* Extract the authenticator */
-
- if(req_id->length + (p - authent->dat) > authent->length)
- return RD_AP_MODIFIED;
-
- memcpy(req_id->dat, p, req_id->length);
- p = req_id->dat;
-
-#ifndef NOENCRYPTION
- /* And decrypt it with the session key from the ticket */
- if (krb_ap_req_debug) krb_log("About to decrypt authenticator");
-
- encrypt_ktext(req_id, &ad->session, DES_DECRYPT);
-
- if (krb_ap_req_debug) krb_log("Done.");
-#endif /* NOENCRYPTION */
-
- /* cast req_id->length to int? */
-#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
-
- p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */
-
- p += krb_get_int(p, &ad->checksum, 4, little_endian);
-
- p++; /* time_5ms is not used */
-
- p += krb_get_int(p, &r_time_sec, 4, little_endian);
-
- /* Check for authenticity of the request */
- if (krb_ap_req_debug)
- krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm,
- r_aname, r_inst, r_realm);
- if (strcmp(ad->pname, r_aname) != 0 ||
- strcmp(ad->pinst, r_inst) != 0 ||
- strcmp(ad->prealm, r_realm) != 0)
- return RD_AP_INCON;
-
- if (krb_ap_req_debug)
- krb_log("Address: %x %x", ad->address, from_addr);
-
- if (from_addr && (!krb_equiv(ad->address, from_addr)))
- return RD_AP_BADD;
-
- gettimeofday(&tv, NULL);
- delta_t = abs((int)(tv.tv_sec - r_time_sec));
- if (delta_t > CLOCK_SKEW) {
- if (krb_ap_req_debug)
- krb_log("Time out of range: %lu - %lu = %lu",
- (unsigned long)t_local.tv_sec,
- (unsigned long)r_time_sec,
- (unsigned long)delta_t);
- return RD_AP_TIME;
- }
-
- /* Now check for expiration of ticket */
-
- tkt_age = tv.tv_sec - ad->time_sec;
- if (krb_ap_req_debug)
- krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x",
- (long)tv.tv_sec,
- (unsigned long)ad->time_sec,
- tkt_age,
- ad->life);
-
- if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW))
- return RD_AP_NYV;
-
- if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life))
- return RD_AP_EXP;
-
- /* All seems OK */
- ad->reply.length = 0;
-
- return(RD_AP_OK);
-}
diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c
deleted file mode 100644
index f532a462f9f..00000000000
--- a/kerberosIV/krb/rd_safe.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* $OpenBSD: rd_safe.c,v 1.5 1997/12/12 05:30:29 art Exp $ */
-/* $KTH: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* application include files */
-#include "krb-archaeology.h"
-
-/* Generate two checksums in the given byteorder of the data, one
- * new-form and one old-form. It has to be done this way to be
- * compatible with the old version of des_quad_cksum.
- */
-
-/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */
-int dqc_type = DES_QUAD_DEFAULT;
-
-void
-fixup_quad_cksum(void *start, size_t len, des_cblock *key,
- void *new_checksum, void *old_checksum, int little)
-{
- if (old_checksum == NULL || new_checksum == NULL)
- return;
-
- des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key);
- if(HOST_BYTE_ORDER){
- if(little){
- memcpy(old_checksum, new_checksum, 16);
- }else{
- u_int32_t *tmp = (u_int32_t*)new_checksum;
- memcpy(old_checksum, new_checksum, 16);
- swap_u_16(old_checksum);
- swap_u_long(tmp[0]);
- swap_u_long(tmp[1]);
- swap_u_long(tmp[2]);
- swap_u_long(tmp[3]);
- }
- }else{
- if(little){
- u_int32_t *tmp = (u_int32_t*)new_checksum;
- swap_u_long(tmp[0]);
- swap_u_long(tmp[1]);
- swap_u_long(tmp[2]);
- swap_u_long(tmp[3]);
- memcpy(old_checksum, new_checksum, 16);
- }else{
- u_int32_t tmp[4];
- tmp[0] = ((u_int32_t*)new_checksum)[3];
- tmp[1] = ((u_int32_t*)new_checksum)[2];
- tmp[2] = ((u_int32_t*)new_checksum)[1];
- tmp[3] = ((u_int32_t*)new_checksum)[0];
- memcpy(old_checksum, tmp, 16);
- }
- }
-}
-
-/*
- * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message.
- * Given the message received, "in", the length of that message,
- * "in_length", the "key" to compute the checksum with, and the
- * network addresses of the "sender" and "receiver" of the message,
- * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise
- * some error code.
- *
- * The message data retrieved from "in" is returned in the structure
- * "m_data". The pointer to the application data (m_data->app_data)
- * refers back to the appropriate place in "in".
- *
- * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE
- * message. The structure containing the extracted message
- * information, MSG_DAT, is defined in "krb.h".
- */
-
-int32_t
-krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key,
- struct sockaddr_in *sender, struct sockaddr_in *receiver,
- MSG_DAT *m_data)
-{
- unsigned char *p = (unsigned char*)in, *start;
-
- unsigned char pvno, type;
- int little_endian;
- struct timeval tv;
- u_int32_t src_addr;
- int delta_t;
-
- if (p == NULL)
- return KFAILURE;
-
- pvno = *p++;
- if(pvno != KRB_PROT_VERSION)
- return RD_AP_VERSION;
-
- type = *p++;
- little_endian = type & 1;
- type &= ~1;
- if(type != AUTH_MSG_SAFE)
- return RD_AP_MSG_TYPE;
-
- start = p;
-
- p += krb_get_int(p, &m_data->app_length, 4, little_endian);
-
- if(m_data->app_length + 31 > in_length)
- return RD_AP_MODIFIED;
-
- m_data->app_data = p;
-
- p += m_data->app_length;
-
- m_data->time_5ms = *p++;
-
- p += krb_get_address(p, &src_addr);
-
- if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
- return RD_AP_BADD;
-
- p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
- m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
-
- gettimeofday(&tv, NULL);
-
- delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
- if (delta_t > CLOCK_SKEW) return RD_AP_TIME;
-
- /*
- * caller must check timestamps for proper order and replays, since
- * server might have multiple clients each with its own timestamps
- * and we don't assume tightly synchronized clocks.
- */
-
- {
- unsigned char new_checksum[16];
- unsigned char old_checksum[16];
- fixup_quad_cksum(start, p - start, key,
- new_checksum, old_checksum, little_endian);
- if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) &&
- memcmp(new_checksum, p, 16) == 0)
- dqc_type = DES_QUAD_NEW;
- else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) &&
- memcmp(old_checksum, p, 16) == 0)
- dqc_type = DES_QUAD_OLD;
- else
- return RD_AP_MODIFIED;
- }
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/read_service_key.c b/kerberosIV/krb/read_service_key.c
deleted file mode 100644
index 0a84415a57f..00000000000
--- a/kerberosIV/krb/read_service_key.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* $OpenBSD: read_service_key.c,v 1.6 1998/02/25 15:51:35 art Exp $ */
-/* $KTH: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * The private keys for servers on a given host are stored in a
- * "srvtab" file (typically "/etc/srvtab"). This routine extracts
- * a given server's key from the file.
- *
- * read_service_key() takes the server's name ("service"), "instance",
- * and "realm" and a key version number "kvno", and looks in the given
- * "file" for the corresponding entry, and if found, returns the entry's
- * key field in "key".
- *
- * If "instance" contains the string "*", then it will match
- * any instance, and the chosen instance will be copied to that
- * string. For this reason it is important that the there is enough
- * space beyond the "*" to receive the entry.
- *
- * If "kvno" is 0, it is treated as a wild card and the first
- * matching entry regardless of the "vno" field is returned.
- *
- * This routine returns KSUCCESS on success, otherwise KFAILURE.
- *
- * The format of each "srvtab" entry is as follows:
- *
- * Size Variable Field in file
- * ---- -------- -------------
- * string serv server name
- * string inst server instance
- * string realm server realm
- * 1 byte vno server key version #
- * 8 bytes key server's key
- * ... ... ...
- */
-
-
-int
-read_service_key(char *service, /* Service Name */
- char *instance, /* Instance name or "*" */
- char *realm, /* Realm */
- int kvno, /* Key version number */
- char *file, /* Filename */
- char *key) /* Pointer to key to be filled in */
-{
- char serv[SNAME_SZ];
- char inst[INST_SZ];
- char rlm[REALM_SZ];
- unsigned char vno; /* Key version number */
- int wcard;
-
- int stab;
-
- if ((stab = open(file, O_RDONLY, 0)) < 0)
- return KFAILURE;
-
- if (instance == NULL)
- return KFAILURE;
-
- wcard = (instance[0] == '*') && (instance[1] == '\0');
-
- while (getst(stab, serv, SNAME_SZ) > 0) { /* Read sname */
- getst(stab, inst, INST_SZ); /* Instance */
- getst(stab, rlm, REALM_SZ); /* Realm */
- /* Vers number */
- if (read(stab, &vno, 1) != 1) {
- close(stab);
- return KFAILURE;
- }
- /* Key */
- if (read(stab, key, 8) != 8) {
- close(stab);
- return KFAILURE;
- }
- /* Is this the right service */
- if (service != NULL && strcmp(serv, service))
- continue;
- /* How about instance */
- if (wcard == '\0' && strcmp(inst,instance))
- continue;
- if (wcard != 0) {
- strncpy(instance, inst, INST_SZ);
- instance[INST_SZ - 1] = '\0';
- }
- /* Is this the right realm */
- if (realm != NULL && strcmp(rlm, realm))
- continue;
-
- /* How about the key version number */
- if (kvno && kvno != (int) vno)
- continue;
-
- close(stab);
- return KSUCCESS;
- }
-
- /* Can't find the requested service */
- close(stab);
- return(KFAILURE);
-}
diff --git a/kerberosIV/krb/realm_parse.c b/kerberosIV/krb/realm_parse.c
deleted file mode 100644
index 7041db9d5ca..00000000000
--- a/kerberosIV/krb/realm_parse.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* $OpenBSD: realm_parse.c,v 1.5 1998/07/07 19:07:00 art Exp $ */
-/* $KTH: realm_parse.c,v 1.14 1997/12/15 17:19:13 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static int
-realm_parse(char *realm, int length, const char *file)
-{
- FILE *F;
- char tr[128];
- char *p;
-
- if ((F = fopen(file,"r")) == NULL)
- return -1;
-
- while(fgets(tr, sizeof(tr), F)){
- char *unused = NULL;
- p = strtok_r(tr, " \t\n\r", &unused);
- if(p && strcasecmp(p, realm) == 0){
- fclose(F);
- strncpy(realm, p, length);
- realm[length - 1] = '\0';
- return 0;
- }
- }
- fclose(F);
- return -1;
-}
-
-static const char *const files[] = KRB_CNF_FILES;
-
-int
-krb_realm_parse(char *realm, int length)
-{
- int i;
- char file[MAXPATHLEN];
-
- for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
- if (realm_parse(realm, length, file) == 0)
- return 0;
-
- return -1;
-}
diff --git a/kerberosIV/krb/recvauth.c b/kerberosIV/krb/recvauth.c
deleted file mode 100644
index 786d573ca99..00000000000
--- a/kerberosIV/krb/recvauth.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/* $OpenBSD: recvauth.c,v 1.6 1998/02/25 15:51:37 art Exp $ */
-/* $KTH: recvauth.c,v 1.18 1997/07/05 01:35:15 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-#ifndef MAX
-#define MAX(a,b) (((a)>(b))?(a):(b))
-#endif /* MAX */
-
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif /* MIN */
-
-/*
- * krb_recvauth() reads (and optionally responds to) a message sent
- * using krb_sendauth(). The "options" argument is a bit-field of
- * selected options (see "sendauth.c" for options description).
- * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL
- * (mutual authentication requested). The "fd" argument supplies
- * a file descriptor to read from (and write to, if mutual authenti-
- * cation is requested).
- *
- * Part of the received message will be a Kerberos ticket sent by the
- * client; this is read into the "ticket" argument. The "service" and
- * "instance" arguments supply the server's Kerberos name. If the
- * "instance" argument is the string "*", it is treated as a wild card
- * and filled in during the krb_rd_req() call (see read_service_key()).
- *
- * The "faddr" and "laddr" give the sending (client) and receiving
- * (local server) network addresses. ("laddr" may be left NULL unless
- * mutual authentication is requested, in which case it must be set.)
- *
- * The authentication information extracted from the message is returned
- * in "kdata". The "filename" argument indicates the file where the
- * server's key can be found. (It is passed on to krb_rd_req().) If
- * left null, the default "/etc/srvtab" will be used.
- *
- * If mutual authentication is requested, the session key schedule must
- * be computed in order to reply; this schedule is returned in the
- * "schedule" argument. A string containing the application version
- * number from the received message is returned in "version", which
- * should be large enough to hold a KRB_SENDAUTH_VLEN-character string.
- *
- * See krb_sendauth() for the format of the received client message.
- *
- * krb_recvauth() first reads the protocol version string from the
- * given file descriptor. If it doesn't match the current protocol
- * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In
- * that case, the string of characters up to the first space is read
- * and interpreted as the ticket length, then the ticket is read.
- *
- * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth()
- * next reads the application protocol version string. Then the
- * ticket length and ticket itself are read.
- *
- * The ticket is decrypted and checked by the call to krb_rd_req().
- * If no mutual authentication is required, the result of the
- * krb_rd_req() call is retured by this routine. If mutual authenti-
- * cation is required, a message in the following format is returned
- * on "fd":
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * 4 bytes tkt_len length of ticket or -1
- * if error occurred
- *
- * priv_len tmp_buf "private" message created
- * by krb_mk_priv() which
- * contains the incremented
- * checksum sent by the client
- * encrypted in the session
- * key. (This field is not
- * present in case of error.)
- *
- * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some
- * other error code is returned.
- */
-
-static int
-send_error_reply(int fd)
-{
- unsigned char tmp[4] = { 255, 255, 255, 255 };
- if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp))
- return -1;
- return 0;
-}
-
-int
-krb_recvauth(int32_t options, /* bit-pattern of options */
- int fd, /* file descr. to read from */
- KTEXT ticket, /* storage for client's ticket */
- char *service, /* service expected */
- char *instance, /* inst expected (may be filled in) */
- struct sockaddr_in *faddr, /* address of foreign host on fd */
- struct sockaddr_in *laddr, /* local address */
- AUTH_DAT *kdata, /* kerberos data (returned) */
- char *filename, /* name of file with service keys */
- struct des_ks_struct *schedule, /* key schedule (return) */
- char *version) /* version string (filled in) */
-{
- int cc;
- char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */
- int rem;
- int32_t priv_len;
- u_char tmp_buf[MAX_KTXT_LEN+MAX(KRB_SENDAUTH_VLEN+1,21)];
-
- if (!(options & KOPT_IGNORE_PROTOCOL)) {
- /* read the protocol version number */
- if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
- return(errno);
- krb_vers[KRB_SENDAUTH_VLEN] = '\0';
- }
-
- /* read the application version string */
- if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
- return(errno);
- version[KRB_SENDAUTH_VLEN] = '\0';
-
- /* get the length of the ticket */
- {
- char tmp[4];
- if (krb_net_read(fd, tmp, 4) != 4)
- return -1;
- krb_get_int(tmp, &ticket->length, 4, 0);
- }
-
- /* sanity check */
- if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) {
- if (options & KOPT_DO_MUTUAL) {
- if(send_error_reply(fd))
- return -1;
- return KFAILURE;
- } else
- return KFAILURE; /* XXX there may still be junk on the fd? */
- }
-
- /* read the ticket */
- if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length)
- return -1;
- /*
- * now have the ticket. decrypt it to get the authenticated
- * data.
- */
- rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr,
- kdata, filename);
-
- /* if we are doing mutual auth, compose a response */
- if (options & KOPT_DO_MUTUAL) {
- if (rem != KSUCCESS){
- /* the krb_rd_req failed */
- if(send_error_reply(fd))
- return -1;
- return rem;
- }
-
- /* add one to the (formerly) sealed checksum, and re-seal it
- for return to the client */
- {
- unsigned char cs[4];
- krb_put_int(kdata->checksum + 1, cs, 4);
-#ifndef NOENCRYPTION
- des_key_sched(&kdata->session,schedule);
-#endif
- priv_len = krb_mk_priv(cs,
- tmp_buf+4,
- 4,
- schedule,
- &kdata->session,
- laddr,
- faddr);
- }
- /* mk_priv will never fail */
- priv_len += krb_put_int(priv_len, tmp_buf, 4);
-
- if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len)
- return -1;
- }
- return rem;
-}
diff --git a/kerberosIV/krb/resolve.c b/kerberosIV/krb/resolve.c
deleted file mode 100644
index 112814a27eb..00000000000
--- a/kerberosIV/krb/resolve.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/* $OpenBSD: resolve.c,v 1.3 1997/12/12 05:30:31 art Exp $ */
-/* $KTH: resolve.c,v 1.12 1997/10/28 15:37:39 bg Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-#include "resolve.h"
-
-#define DECL(X) {#X, T_##X}
-
-static struct stot{
- char *name;
- int type;
-}stot[] = {
- DECL(A),
- DECL(NS),
- DECL(CNAME),
- DECL(PTR),
- DECL(MX),
- DECL(TXT),
- DECL(AFSDB),
- DECL(SRV),
- {NULL, 0}
-};
-
-static int
-string_to_type(const char *name)
-{
- struct stot *p = stot;
- for(p = stot; p->name; p++)
- if(strcasecmp(name, p->name) == 0)
- return p->type;
- return -1;
-}
-
-#if 0
-static char *
-type_to_string(int type)
-{
- struct stot *p = stot;
- for(p = stot; p->name; p++)
- if(type == p->type)
- return p->name;
- return NULL;
-}
-#endif
-
-void
-dns_free_data(struct dns_reply *r)
-{
- struct resource_record *rr;
- if(r->q.domain){
- free(r->q.domain);
- r->q.domain = NULL;
- }
- for(rr = r->head; rr;){
- struct resource_record *tmp = rr;
- if(rr->domain){
- free(rr->domain);
- rr->domain = NULL;
- }
- if(rr->u.data){
- free(rr->u.data);
- rr->u.data = NULL;
- }
- rr = rr->next;
- free(tmp);
- tmp = NULL;
- }
- free (r);
- r = NULL;
-}
-
-static struct dns_reply*
-parse_reply(unsigned char *data, int len)
-{
- unsigned char *p;
- char host[128];
- int status;
-
- struct dns_reply *r;
- struct resource_record **rr;
-
- r = (struct dns_reply*)malloc(sizeof(struct dns_reply));
-
- if (r == NULL)
- return NULL;
-
- memset(r, 0, sizeof(struct dns_reply));
-
- p = data;
- memcpy(&r->h, p, sizeof(HEADER));
- p += sizeof(HEADER);
- status = dn_expand(data, data + len, p, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- r->q.domain = strdup(host);
- if(r->q.domain == NULL) {
- dns_free_data(r);
- return NULL;
- }
-
- p += status;
- r->q.type = (p[0] << 8 | p[1]);
- p += 2;
- r->q.class = (p[0] << 8 | p[1]);
- p += 2;
- rr = &r->head;
- while(p < data + len){
- int type, class, ttl, size;
- status = dn_expand(data, data + len, p, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- p += status;
- type = (p[0] << 8) | p[1];
- p += 2;
- class = (p[0] << 8) | p[1];
- p += 2;
- ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
- p += 4;
- size = (p[0] << 8) | p[1];
- p += 2;
- *rr = (struct resource_record*)calloc(1,
- sizeof(struct resource_record));
- if(*rr == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->domain = strdup(host);
- if((*rr)->domain == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->type = type;
- (*rr)->class = class;
- (*rr)->ttl = ttl;
- (*rr)->size = size;
- switch(type){
- case T_NS:
- case T_CNAME:
- case T_PTR:
- status = dn_expand(data, data + len, p, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.txt = strdup(host);
- if((*rr)->u.txt == NULL) {
- dns_free_data(r);
- return NULL;
- }
- break;
- case T_MX:
- case T_AFSDB:{
- status = dn_expand(data, data + len, p + 2, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
- strlen(host));
- if((*rr)->u.mx == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.mx->preference = (p[0] << 8) | p[1];
- strncpy((*rr)->u.mx->domain, host, MAXHOSTNAMELEN);
- (*rr)->u.mx->domain[MAXHOSTNAMELEN-1] = '\0';
- break;
- }
- case T_SRV:{
- status = dn_expand(data, data + len, p + 6, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.srv =
- (struct srv_record*)malloc(sizeof(struct srv_record) +
- strlen(host));
- if((*rr)->u.srv == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.srv->priority = (p[0] << 8) | p[1];
- (*rr)->u.srv->weight = (p[2] << 8) | p[3];
- (*rr)->u.srv->port = (p[4] << 8) | p[5];
- strncpy((*rr)->u.srv->target, host, MAXHOSTNAMELEN);
- (*rr)->u.srv->target[MAXHOSTNAMELEN-1] = '\0';
- break;
- }
- case T_TXT:{
- (*rr)->u.txt = (char*)malloc(size + 1);
- if((*rr)->u.txt == NULL) {
- dns_free_data(r);
- return NULL;
- }
- strncpy((*rr)->u.txt, (char*)p + 1, *p);
- (*rr)->u.txt[*p] = 0;
- break;
- }
-
- default:
- (*rr)->u.data = (unsigned char*)malloc(size);
- if((*rr)->u.data == NULL) {
- dns_free_data(r);
- return NULL;
- }
- memcpy((*rr)->u.data, p, size);
- }
- p += size;
- rr = &(*rr)->next;
- }
- *rr = NULL;
- return r;
-}
-
-struct dns_reply *
-dns_lookup(const char *domain, const char *type_name)
-{
- unsigned char reply[1024];
- int len;
- int type;
- struct dns_reply *r = NULL;
- u_long old_options = 0;
-
- type = string_to_type(type_name);
- if (krb_dns_debug) {
- old_options = _res.options;
- _res.options |= RES_DEBUG;
- krb_warning("dns_lookup(%s, %s)\n", domain, type_name);
- }
- len = res_search(domain, C_IN, type, reply, sizeof(reply));
- if (krb_dns_debug) {
- _res.options = old_options;
- krb_warning("dns_lookup(%s, %s) --> %d\n", domain, type_name, len);
- }
- if (len >= 0)
- r = parse_reply(reply, len);
- return r;
-}
diff --git a/kerberosIV/krb/resolve.h b/kerberosIV/krb/resolve.h
deleted file mode 100644
index 523c65c9da5..00000000000
--- a/kerberosIV/krb/resolve.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* $OpenBSD: resolve.h,v 1.2 1998/02/18 11:54:05 art Exp $ */
-/* $KTH: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* THIS IS NOT (yet) A PUBLIC INTERFACE */
-
-
-#ifndef __RESOLVE_H__
-#define __RESOLVE_H__
-
-/* We use these, but they are not always present in <arpa/nameser.h> */
-
-struct dns_query{
- char *domain;
- unsigned type;
- unsigned class;
-};
-
-struct mx_record{
- unsigned preference;
- char domain[1];
-};
-
-struct srv_record{
- unsigned priority;
- unsigned weight;
- unsigned port;
- char target[1];
-};
-
-struct resource_record{
- char *domain;
- unsigned type;
- unsigned class;
- unsigned ttl;
- unsigned size;
- union {
- void *data;
- struct mx_record *mx;
- struct mx_record *afsdb; /* mx and afsdb are identical */
- struct srv_record *srv;
- struct in_addr *a;
- char *txt;
- }u;
- struct resource_record *next;
-};
-
-struct dns_reply{
- HEADER h;
- struct dns_query q;
- struct resource_record *head;
-};
-
-
-struct dns_reply* dns_lookup(const char *, const char *);
-
-void dns_free_data(struct dns_reply *r);
-
-#endif /* __RESOLVE_H__ */
diff --git a/kerberosIV/krb/rw.c b/kerberosIV/krb/rw.c
deleted file mode 100644
index f032f83b2e7..00000000000
--- a/kerberosIV/krb/rw.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: rw.c,v 1.2 1997/12/09 07:57:37 art Exp $ */
-/* $KTH: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* Almost all programs use these routines (implicitly) so it's a good
- * place to put the version string. */
-
-#include "version.h"
-
-#include "krb_locl.h"
-
-int
-krb_get_int(void *f, u_int32_t *to, int size, int lsb)
-{
- int i;
- unsigned char *from = (unsigned char *)f;
-
- if (from == NULL)
- return 0;
-
- *to = 0;
- if(lsb){
- for(i = size-1; i >= 0; i--)
- *to = (*to << 8) | from[i];
- }else{
- for(i = 0; i < size; i++)
- *to = (*to << 8) | from[i];
- }
- return size;
-}
-
-int
-krb_put_int(u_int32_t from, void *to, int size)
-{
- int i;
- unsigned char *p = (unsigned char *)to;
-
- if (p == NULL)
- return 0;
-
- for(i = size - 1; i >= 0; i--){
- p[i] = from & 0xff;
- from >>= 8;
- }
- return size;
-}
-
-
-/* addresses are always sent in network byte order */
-
-int
-krb_get_address(void *from, u_int32_t *to)
-{
- unsigned char *p = (unsigned char*)from;
-
- if (from == NULL || p == NULL)
- return 0;
-
- *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
- return 4;
-}
-
-int
-krb_put_address(u_int32_t addr, void *to)
-{
- return krb_put_int(ntohl(addr), to, 4);
-}
-
-int
-krb_put_string(char *from, void *to)
-{
- if (to == NULL || from == NULL)
- return 0;
- strcpy((char *)to, from);
- return strlen(from) + 1;
-}
-
-int
-krb_get_string(void *from, char *to)
-{
- return krb_put_string(from, to);
-}
-
-int
-krb_get_nir(void *from, char *name, char *instance, char *realm)
-{
- char *p = (char *)from;
-
- if (p == NULL)
- return 0;
-
- p += krb_get_string(p, name);
- p += krb_get_string(p, instance);
- if(realm)
- p += krb_get_string(p, realm);
- return p - (char *)from;
-}
-
-int
-krb_put_nir(char *name, char *instance, char *realm, void *to)
-{
- char *p = (char *)to;
- if (p == NULL)
- return 0;
-
- p += krb_put_string(name, p);
- p += krb_put_string(instance, p);
- if(realm)
- p += krb_put_string(realm, p);
- return p - (char *)to;
-}
diff --git a/kerberosIV/krb/save_credentials.c b/kerberosIV/krb/save_credentials.c
deleted file mode 100644
index 8be21d9a217..00000000000
--- a/kerberosIV/krb/save_credentials.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: save_credentials.c,v 1.5 1998/02/25 15:51:38 art Exp $ */
-/* $KTH: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine takes a ticket and associated info and calls
- * tf_save_cred() to store them in the ticket cache. The peer
- * routine for extracting a ticket and associated info from the
- * ticket cache is krb_get_cred(). When changes are made to
- * this routine, the corresponding changes should be made
- * in krb_get_cred() as well.
- *
- * Returns KSUCCESS if all goes well, otherwise an error returned
- * by the tf_init() or tf_save_cred() routines.
- */
-
-int
-save_credentials(char *service, /* Service name */
- char *instance, /* Instance */
- char *realm, /* Auth domain */
- unsigned char *session, /* Session key */
- int lifetime, /* Lifetime */
- int kvno, /* Key version number */
- KTEXT ticket, /* The ticket itself */
- int32_t issue_date) /* The issue time */
-{
- int tf_status; /* return values of the tf_util calls */
-
- /* Open and lock the ticket file for writing */
- if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS)
- return(tf_status);
-
- /* Save credentials by appending to the ticket file */
- tf_status = tf_save_cred(service, instance, realm, session,
- lifetime, kvno, ticket, issue_date);
- tf_close();
- return (tf_status);
-}
diff --git a/kerberosIV/krb/send_to_kdc.c b/kerberosIV/krb/send_to_kdc.c
deleted file mode 100644
index 2c4c538e510..00000000000
--- a/kerberosIV/krb/send_to_kdc.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/* $OpenBSD: send_to_kdc.c,v 1.13 1998/08/16 20:48:39 art Exp $ */
-/* $KTH: send_to_kdc.c,v 1.54 1998/02/17 23:55:35 bg Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-struct host {
- struct sockaddr_in addr;
- enum krb_host_proto proto;
-};
-
-static const char *prog = "send_to_kdc";
-static send_recv(KTEXT pkt, KTEXT rpkt, int f,
- struct sockaddr_in *adr, struct host *addrs,
- int h_hosts);
-
-/*
- * send_to_kdc() sends a message to the Kerberos authentication
- * server(s) in the given realm and returns the reply message.
- * The "pkt" argument points to the message to be sent to Kerberos;
- * the "rpkt" argument will be filled in with Kerberos' reply.
- * The "realm" argument indicates the realm of the Kerberos server(s)
- * to transact with. If the realm is null, the local realm is used.
- *
- * If more than one Kerberos server is known for a given realm,
- * different servers will be queried until one of them replies.
- * Several attempts (retries) are made for each server before
- * giving up entirely.
- *
- * If an answer was received from a Kerberos host, KSUCCESS is
- * returned. The following errors can be returned:
- *
- * SKDC_CANT - can't get local realm
- * - can't find "kerberos" in /etc/services database
- * - can't open socket
- * - can't bind socket
- * - all ports in use
- * - couldn't find any Kerberos host
- *
- * SKDC_RETRY - couldn't get an answer from any Kerberos server,
- * after several retries
- */
-
-/* always use the admin server */
-static int krb_use_admin_server_flag = 0;
-
-int
-krb_use_admin_server(int flag)
-{
- int old = krb_use_admin_server_flag;
- krb_use_admin_server_flag = flag;
- return old;
-}
-
-int
-send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
-{
- int i;
- int no_host; /* was a kerberos host found? */
- int retry;
- int n_hosts;
- int retval;
- struct hostent *host;
- char lrealm[REALM_SZ];
- struct krb_host *k_host;
- struct host *hosts = malloc(sizeof(*hosts));
-
- if (hosts == NULL)
- return SKDC_CANT;
-
- /*
- * If "realm" is non-null, use that, otherwise get the
- * local realm.
- */
- if (realm != NULL){
- strncpy(lrealm, realm, REALM_SZ);
- lrealm[REALM_SZ-1] = '\0';
- }
- else
- if (krb_get_lrealm(lrealm,1)) {
- if (krb_debug)
- krb_warning("%s: can't get local realm\n", prog);
- return(SKDC_CANT);
- }
- if (krb_debug)
- krb_warning("lrealm is %s\n", lrealm);
-
- no_host = 1;
- /* get an initial allocation */
- n_hosts = 0;
- for (i = 1; (k_host = krb_get_host(i, lrealm, krb_use_admin_server_flag));
- ++i) {
- char *p;
-
- if (krb_debug)
- krb_warning("Getting host entry for %s...", k_host->host);
- host = gethostbyname(k_host->host);
- if (krb_debug) {
- krb_warning("%s.\n",
- host ? "Got it" : "Didn't get it");
- }
- if (!host)
- continue;
- no_host = 0; /* found at least one */
- while ((p = *(host->h_addr_list)++)) {
- struct host *temp;
-
- temp = realloc(hosts, sizeof(*hosts) * (n_hosts + 1));
- if (temp == NULL) {
- free(hosts);
- return SKDC_CANT;
- }
- hosts = temp;
- memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr));
- hosts[n_hosts].addr.sin_family = host->h_addrtype;
- hosts[n_hosts].addr.sin_port = htons(k_host->port);
- hosts[n_hosts].proto = k_host->proto;
- memcpy(&hosts[n_hosts].addr.sin_addr, p,
- sizeof(hosts[n_hosts].addr.sin_addr));
- ++n_hosts;
- if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto,
- &hosts[n_hosts-1].addr, hosts, n_hosts)) {
- retval = KSUCCESS;
- goto rtn;
- }
- if (krb_debug) {
- krb_warning("Timeout, error, or wrong descriptor\n");
- }
- }
- }
- if (no_host) {
- if (krb_debug)
- krb_warning("%s: can't find any Kerberos host.\n",
- prog);
- retval = SKDC_CANT;
- goto rtn;
- }
- /* retry each host in sequence */
- for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) {
- for (i = 0; i < n_hosts; ++i) {
- if (send_recv(pkt, rpkt,
- hosts[i].proto,
- &hosts[i].addr,
- hosts,
- n_hosts)) {
- retval = KSUCCESS;
- goto rtn;
- }
- }
- }
- retval = SKDC_RETRY;
-rtn:
- free(hosts);
- hosts = NULL;
- return(retval);
-}
-
-static int udp_socket(void)
-{
- return socket(AF_INET, SOCK_DGRAM, 0);
-}
-
-static int udp_connect(int s, struct sockaddr_in *adr)
-{
- if(krb_debug) {
- krb_warning("connecting to %s udp, port %d\n",
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port));
- }
-
- return connect(s, (struct sockaddr*)adr, sizeof(*adr));
-}
-
-static int udp_send(int s, struct sockaddr_in* adr, KTEXT pkt)
-{
- if(krb_debug) {
- krb_warning("sending %d bytes to %s, udp port %d\n",
- pkt->length,
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port));
- }
-
- return send(s, pkt->dat, pkt->length, 0);
-}
-
-static int tcp_socket(void)
-{
- return socket(AF_INET, SOCK_STREAM, 0);
-}
-
-static int tcp_connect(int s, struct sockaddr_in *adr)
-{
- if(krb_debug) {
- krb_warning("connecting to %s, tcp port %d\n",
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port));
- }
-
- return connect(s, (struct sockaddr*)adr, sizeof(*adr));
-}
-
-static int tcp_send(int s, struct sockaddr_in* adr, KTEXT pkt)
-{
- unsigned char len[4];
-
- if(krb_debug) {
- krb_warning("sending %d bytes to %s, tcp port %d\n",
- pkt->length,
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port));
- }
-
- krb_put_int(pkt->length, len, 4);
- if(send(s, len, sizeof(len), 0) != sizeof(len))
- return -1;
- return send(s, pkt->dat, pkt->length, 0);
-}
-
-static int udptcp_recv(void *buf, size_t len, KTEXT rpkt)
-{
- int pktlen=MIN(len, MAX_KTXT_LEN - 1);
-
- if(krb_debug)
- krb_warning("recieved %d bytes on udp/tcp socket\n", len);
-
- memcpy(rpkt->dat, buf, pktlen);
- rpkt->length = pktlen;
- return 0;
-}
-
-static int url_parse(const char *url, char *host, size_t len, short *port)
-{
- const char *p;
- if (url == NULL || host == NULL)
- return -1;
- if(strncmp(url, "http://", 7))
- return -1;
- url += 7;
- strncpy(host, url, len);
- p = strchr(url, ':');
- if(p){
- *port = atoi(p+1);
- if(p - url >= len)
- return -1;
- host[p - url] = 0;
- }else{
- *port = 80;
- host[len - 1] = 0;
- }
- return 0;
-}
-
-#define PROXY_VAR "krb4_proxy"
-
-static int http_connect(int s, struct sockaddr_in *adr)
-{
- const char *proxy = krb_get_config_string(PROXY_VAR);
- char host[MAXHOSTNAMELEN];
- short port;
- struct hostent *hp;
- struct sockaddr_in sin;
-
- if (adr == NULL)
- return -1;
-
- if(proxy == NULL) {
- if(krb_debug)
- krb_warning("Not using proxy.\n");
- return tcp_connect(s, adr);
- }
-
- if(url_parse(proxy, host, sizeof(host), &port) < 0)
- return -1;
-
- hp = gethostbyname(host);
- if(hp == NULL)
- return -1;
-
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
- sin.sin_port = htons(port);
- if(krb_debug) {
- krb_warning("connecting to proxy on %s (%s) port %d\n",
- host, inet_ntoa(sin.sin_addr), port);
- }
-
- return connect(s, (struct sockaddr*)&sin, sizeof(sin));
-}
-
-static int http_send(int s, struct sockaddr_in* adr, KTEXT pkt)
-{
- char *str;
- char *msg;
-
- if(base64_encode(pkt->dat, pkt->length, &str) < 0)
- return -1;
-
- if(krb_get_config_string(PROXY_VAR)){
- if(krb_debug) {
- krb_warning("sending %d bytes to %s, tcp port %d (via proxy)\n",
- pkt->length,
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port));
- }
-
- asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n",
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port),
- str);
- } else {
- if(krb_debug) {
- krb_warning("sending %d bytes to %s, http port %d\n",
- pkt->length,
- inet_ntoa(adr->sin_addr),
- ntohs(adr->sin_port));
- }
- asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str);
- }
- free(str);
- str = NULL;
-
- if (msg == NULL)
- return -1;
-
- if(send(s, msg, strlen(msg), 0) != strlen(msg)){
- free(msg);
- msg = NULL;
- return -1;
- }
- free(msg);
- msg = NULL;
- return 0;
-}
-
-static int http_recv(void *buf, size_t len, KTEXT rpkt)
-{
- char *p;
- int pktlen;
- char *tmp = malloc(len + 1);
- if (tmp == NULL)
- return -1;
-
- memcpy(tmp, buf, len);
- tmp[len] = 0;
- p = strstr(tmp, "\r\n\r\n");
- if(p == NULL){
- free(tmp);
- tmp = NULL;
- return -1;
- }
-
- p += 4;
- if(krb_debug)
- krb_warning("recieved %d bytes on http socket\n", (tmp + len) - p);
- if (p >= tmp+len) {
- free(tmp);
- tmp = NULL;
- return -1;
- }
- pktlen = MIN((tmp + len) - p, MAX_KTXT_LEN - 1);
- memcpy(rpkt->dat, p, pktlen);
-
- rpkt->dat[pktlen] = '\0';
- rpkt->length = pktlen;
- free(tmp);
- tmp = NULL;
- return 0;
-}
-
-static struct proto_descr {
- int proto;
- int stream_flag;
- int (*socket)(void);
- int (*connect)(int, struct sockaddr_in*);
- int (*send)(int, struct sockaddr_in*, KTEXT);
- int (*recv)(void*, size_t, KTEXT);
-} protos[] = {
- { PROTO_UDP, 0, udp_socket, udp_connect, udp_send, udptcp_recv },
- { PROTO_TCP, 1, tcp_socket, tcp_connect, tcp_send, udptcp_recv },
- { PROTO_HTTP, 1, tcp_socket, http_connect, http_send, http_recv }
-};
-
-static int
-send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *adr,
- struct host *addrs, int n_hosts)
-{
- int i;
- int s;
- unsigned char buf[MAX_KTXT_LEN];
- int offset = 0;
- fd_set *fdsp = NULL;
- int fdsn;
-
- for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++){
- if(protos[i].proto == proto)
- break;
- }
- if(i == sizeof(protos) / sizeof(protos[0]))
- return FALSE;
- if((s = (*protos[i].socket)()) < 0)
- return FALSE;
- if((*protos[i].connect)(s, adr) < 0){
- close(s);
- return FALSE;
- }
- if((*protos[i].send)(s, adr, pkt) < 0){
- close(s);
- return FALSE;
- }
- fdsn = howmany(s+1, NFDBITS) * sizeof(fd_mask);
- if ((fdsp = (fd_set *)malloc(fdsn)) == NULL) {
- close(s);
- return FALSE;
- }
- do{
- struct timeval timeout;
- int len;
- timeout.tv_sec = CLIENT_KRB_TIMEOUT;
- timeout.tv_usec = 0;
-
- memset(fdsp, 0, fdsn);
- FD_SET(s, fdsp);
-
- /* select - either recv is ready, or timeout */
- /* see if timeout or error or wrong descriptor */
- if(select(s + 1, fdsp, 0, 0, &timeout) < 1
- || !FD_ISSET(s, fdsp)) {
- if (krb_debug)
- krb_warning("select failed: errno = %d\n", errno);
- close(s);
- free(fdsp);
- return FALSE;
- }
- len = recv(s, buf + offset, sizeof(buf) - offset, 0);
- if(len <= 0)
- break;
- offset += len;
- }while(protos[i].stream_flag);
- free(fdsp);
- close(s);
- if((*protos[i].recv)(buf, offset, rpkt) < 0)
- return FALSE;
- return TRUE;
-}
diff --git a/kerberosIV/krb/sendauth.c b/kerberosIV/krb/sendauth.c
deleted file mode 100644
index 49e208a65f9..00000000000
--- a/kerberosIV/krb/sendauth.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* $OpenBSD: sendauth.c,v 1.7 1998/02/25 15:51:40 art Exp $ */
-/* $KTH: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * krb_sendauth() transmits a ticket over a file descriptor for a
- * desired service, instance, and realm, doing mutual authentication
- * with the server if desired.
- */
-
-/*
- * The first argument to krb_sendauth() contains a bitfield of
- * options (the options are defined in "krb.h"):
- *
- * KOPT_DONT_CANON Don't canonicalize instance as a hostname.
- * (If this option is not chosen, krb_get_phost()
- * is called to canonicalize it.)
- *
- * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos.
- * A ticket must be supplied in the "ticket"
- * argument.
- * (If this option is not chosen, and there
- * is no ticket for the given server in the
- * ticket cache, one will be fetched using
- * krb_mk_req() and returned in "ticket".)
- *
- * KOPT_DO_MUTUAL Do mutual authentication, requiring that the
- * receiving server return the checksum+1 encrypted
- * in the session key. The mutual authentication
- * is done using krb_mk_priv() on the other side
- * (see "recvauth.c") and krb_rd_priv() on this
- * side.
- *
- * The "fd" argument is a file descriptor to write to the remote
- * server on. The "ticket" argument is used to store the new ticket
- * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is
- * chosen, the ticket must be supplied in the "ticket" argument.
- * The "service", "inst", and "realm" arguments identify the ticket.
- * If "realm" is null, the local realm is used.
- *
- * The following arguments are only needed if the KOPT_DO_MUTUAL option
- * is chosen:
- *
- * The "checksum" argument is a number that the server will add 1 to
- * to authenticate itself back to the client; the "msg_data" argument
- * holds the returned mutual-authentication message from the server
- * (i.e., the checksum+1); the "cred" structure is used to hold the
- * session key of the server, extracted from the ticket file, for use
- * in decrypting the mutual authentication message from the server;
- * and "schedule" holds the key schedule for that decryption. The
- * the local and server addresses are given in "laddr" and "faddr".
- *
- * The application protocol version number (of up to KRB_SENDAUTH_VLEN
- * characters) is passed in "version".
- *
- * If all goes well, KSUCCESS is returned, otherwise some error code.
- *
- * The format of the message sent to the server is:
- *
- * Size Variable Field
- * ---- -------- -----
- *
- * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol
- * bytes version number
- *
- * KRB_SENDAUTH_VLEN version application protocol
- * bytes version number
- *
- * 4 bytes ticket->length length of ticket
- *
- * ticket->length ticket->dat ticket itself
- */
-
-int
-krb_sendauth(int32_t options, /* bit-pattern of options */
- int fd, /* file descriptor to write onto */
- KTEXT ticket, /* where to put ticket (return); or
- * supplied in case of KOPT_DONT_MK_REQ */
- char *service, /* service name, instance, realm */
- char *instance,
- char *realm,
- u_int32_t checksum, /* checksum to include in request */
- MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */
- CREDENTIALS *cred, /* credentials (return) */
- struct des_ks_struct *schedule, /* key schedule (return) */
- struct sockaddr_in *laddr, /* local address */
- struct sockaddr_in *faddr, /* address of foreign host on fd */
- char *version) /* version string */
-{
- int ret;
- KTEXT_ST buf;
- char realrealm[REALM_SZ];
-
- if (realm == NULL) {
- ret = krb_get_lrealm (realrealm, 1);
- if (ret != KSUCCESS)
- return ret;
- realm = realrealm;
- }
- ret = krb_mk_auth (options, ticket, service, instance, realm, checksum,
- version, &buf);
- if (ret != KSUCCESS)
- return ret;
- ret = krb_net_write(fd, buf.dat, buf.length);
- if(ret < 0)
- return -1;
-
- if (options & KOPT_DO_MUTUAL) {
- char tmp[4];
- u_int32_t len;
- char inst[INST_SZ];
- char *i;
-
- ret = krb_net_read (fd, tmp, 4);
- if (ret < 0)
- return -1;
-
- krb_get_int (tmp, &len, 4, 0);
- if (len == 0xFFFFFFFF || len > sizeof(buf.dat))
- return KFAILURE;
- buf.length = len;
- ret = krb_net_read (fd, buf.dat, len);
- if (ret < 0)
- return -1;
-
- if (options & KOPT_DONT_CANON)
- i = instance;
- else
- i = krb_get_phost(instance);
- strncpy (inst, i, sizeof(inst));
- inst[sizeof(inst) - 1] = '\0';
-
- ret = krb_get_cred (service, inst, realm, cred);
- if (ret != KSUCCESS)
- return ret;
-
- des_key_sched(&cred->session, schedule);
-
- ret = krb_check_auth (&buf, checksum, msg_data, &cred->session,
- schedule, laddr, faddr);
- if (ret != KSUCCESS)
- return ret;
- }
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/shlib_version b/kerberosIV/krb/shlib_version
deleted file mode 100644
index 5b844bbf422..00000000000
--- a/kerberosIV/krb/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=7
-minor=0
diff --git a/kerberosIV/krb/stime.c b/kerberosIV/krb/stime.c
deleted file mode 100644
index 0c88eb0e48c..00000000000
--- a/kerberosIV/krb/stime.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* $OpenBSD: stime.c,v 1.4 1998/02/25 15:51:42 art Exp $ */
-/* $KTH: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1985, 1986, 1987, 1988 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * Given a pointer to a long containing the number of seconds
- * since the beginning of time (midnight 1 Jan 1970 GMT), return
- * a string containing the local time in the form:
- *
- * "25-Jan-1988 10:17:56"
- */
-
-const char *
-krb_stime(time_t *t)
-{
- static char st[40];
- struct tm *tm;
-
- tm = localtime(t);
- snprintf(st, sizeof(st),
- "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday,
- month_sname(tm->tm_mon + 1),tm->tm_year + 1900,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- return st;
-}
diff --git a/kerberosIV/krb/str2key.c b/kerberosIV/krb/str2key.c
deleted file mode 100644
index 4c2d1e839d8..00000000000
--- a/kerberosIV/krb/str2key.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* $OpenBSD: str2key.c,v 1.6 1998/06/22 15:22:27 beck Exp $ */
-/* $KTH: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $ */
-
-/* This defines the Andrew string_to_key function. It accepts a password
- * string as input and converts its via a one-way encryption algorithm to a DES
- * encryption key. It is compatible with the original Andrew authentication
- * service password database.
- */
-
-#include "krb_locl.h"
-
-static void
-mklower(char *s)
-{
- for (; s[0] != '\0'; s++)
- if ('A' <= *s && *s <= 'Z')
- *s = *s - 'A' + 'a';
-}
-
-/*
- * Short passwords, i.e 8 characters or less.
- */
-static void
-afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
-{
- char password[8+1]; /* crypt is limited to 8 chars anyway */
- int i;
- int passlen;
-
- memset(key, 0, sizeof(key));
- memset(password, 0, sizeof(password));
-
- strncpy (password, cell, 8);
- password[8] = '\0';
- passlen = strlen (str);
- if (passlen > 8) passlen = 8;
-
- for (i=0; i<passlen; i++)
- password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */
-
- for (i=0; i<8; i++)
- if (password[i] == '\0') password[i] = 'X';
-
- /* crypt only considers the first 8 characters of password but for some
- reason returns eleven characters of result (plus the two salt chars). */
- strncpy((char *)key, (char *)des_crypt(password, "#~") + 2, sizeof(des_cblock));
-
- /* parity is inserted into the LSB so leftshift each byte up one bit. This
- allows ascii characters with a zero MSB to retain as much significance
- as possible. */
- { char *keybytes = (char *)key;
- unsigned int temp;
-
- for (i = 0; i < 8; i++) {
- temp = (unsigned int) keybytes[i];
- keybytes[i] = (unsigned char) (temp << 1);
- }
- }
- des_fixup_key_parity (key);
-}
-
-/*
- * Long passwords, i.e 9 characters or more.
- */
-static void
-afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
-{
- des_key_schedule schedule;
- des_cblock temp_key;
- des_cblock ivec;
- char password[512];
- int passlen;
-
- strncpy (password, str, sizeof(password));
- password[sizeof(password)-1] = '\0';
- if ((passlen = strlen (password)) < sizeof(password)-1)
- strncat (password, cell, sizeof(password)-passlen);
- if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password);
-
- memcpy(&ivec, "kerberos", 8);
- memcpy(&temp_key, "kerberos", 8);
- des_fixup_key_parity (&temp_key);
- des_key_sched (&temp_key, schedule);
- des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
-
- memcpy(&temp_key, &ivec, 8);
- des_fixup_key_parity (&temp_key);
- des_key_sched (&temp_key, schedule);
- des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
-
- des_fixup_key_parity (key);
-}
-
-void
-afs_string_to_key(char *str, char *cell, des_cblock *key)
-{
- char realm[REALM_SZ+1];
- strncpy(realm, cell, REALM_SZ);
- realm[REALM_SZ] = 0;
- mklower(realm);
-
- if (strlen(str) > 8)
- afs_transarc_StringToKey (str, realm, key);
- else
- afs_cmu_StringToKey (str, realm, key);
-}
diff --git a/kerberosIV/krb/strtok_r.c b/kerberosIV/krb/strtok_r.c
deleted file mode 100644
index 8da8c9d57a0..00000000000
--- a/kerberosIV/krb/strtok_r.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $OpenBSD: strtok_r.c,v 1.2 1997/12/09 07:57:40 art Exp $ */
-/* $KTH: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <string.h>
-
-char *
-strtok_r(char *s1, const char *s2, char **lasts)
-{
- char *ret;
-
- if (s1 == NULL)
- s1 = *lasts;
- while(*s1 && strchr(s2, *s1))
- ++s1;
- if(*s1 == '\0')
- return NULL;
- ret = s1;
- while(*s1 && !strchr(s2, *s1))
- ++s1;
- if(*s1)
- *s1++ = '\0';
- *lasts = s1;
- return ret;
-}
diff --git a/kerberosIV/krb/tf_util.3 b/kerberosIV/krb/tf_util.3
deleted file mode 100644
index 47bfb8efb38..00000000000
--- a/kerberosIV/krb/tf_util.3
+++ /dev/null
@@ -1,173 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: tf_util.3,v 1.4 1998/02/25 15:51:43 art Exp $
-.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
-\- Routines for manipulating a Kerberos ticket file
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-tf_init(tf_name, rw)
-char *tf_name;
-int rw;
-.PP
-.ft B
-tf_get_pname(pname)
-char *pname;
-.PP
-.ft B
-tf_get_pinst(pinst)
-char *pinst;
-.PP
-.ft B
-tf_get_cred(c)
-CREDENTIALS *c;
-.PP
-.ft B
-tf_close()
-.PP
-.fi
-.SH DESCRIPTION
-This group of routines are provided to manipulate the Kerberos tickets
-file. A ticket file has the following format:
-.nf
-.in +4
-.sp
-principal's name (null-terminated string)
-principal's instance (null-terminated string)
-CREDENTIAL_1
-CREDENTIAL_2
- ...
-CREDENTIAL_n
-EOF
-.sp
-.in -4
-.LP
-Where "CREDENTIAL_x" consists of the following fixed-length
-fields from the CREDENTIALS structure (defined in <krb.h>):
-.nf
-.sp
-.in +4
- char service[ANAME_SZ]
- char instance[INST_SZ]
- char realm[REALM_SZ]
- des_cblock session
- int lifetime
- int kvno
- KTEXT_ST ticket_st
- long issue_date
-.in -4
-.sp
-.fi
-.PP
-.I tf_init
-must be called before the other ticket file
-routines.
-It takes the name of the ticket file to use,
-and a read/write flag as arguments.
-It tries to open the ticket file, checks the mode and if
-everything is okay, locks the file. If it's opened for
-reading, the lock is shared. If it's opened for writing,
-the lock is exclusive.
-KSUCCESS is returned if all went well, otherwise one of the
-following:
-.nf
-.sp
-NO_TKT_FIL - file wasn't there
-TKT_FIL_ACC - file was in wrong mode, etc.
-TKT_FIL_LCK - couldn't lock the file, even after a retry
-.sp
-.fi
-.PP
-The
-.I tf_get_pname
-reads the principal's name from a ticket file.
-It should only be called after tf_init has been called. The
-principal's name is filled into the
-.I pname
-parameter. If all goes
-well, KSUCCESS is returned.
-If tf_init wasn't called, TKT_FIL_INI
-is returned.
-If the principal's name was null, or EOF was encountered, or the
-name was longer than ANAME_SZ, TKT_FIL_FMT is returned.
-.PP
-The
-.I tf_get_pinst
-reads the principal's instance from a ticket file.
-It should only be called after tf_init and tf_get_pname
-have been called.
-The principal's instance is filled into the
-.I pinst
-parameter.
-If all goes
-well, KSUCCESS is returned.
-If tf_init wasn't called, TKT_FIL_INI
-is returned.
-If EOF was encountered, or the
-name was longer than INST_SZ, TKT_FIL_FMT is returned.
-Note that, unlike the principal name, the instance name may be null.
-.PP
-The
-.I tf_get_cred
-routine reads a CREDENTIALS record from a ticket file and
-fills in the given structure.
-It should only be called after
-tf_init, tf_get_pname, and tf_get_pinst have been called.
-If all goes well, KSUCCESS is returned. Possible error codes
-are:
-.nf
-.sp
-TKT_FIL_INI - tf_init wasn't called first
-TKT_FIL_FMT - bad format
-EOF - end of file encountered
-.sp
-.fi
-.PP
-.I tf_close
-closes the ticket file and releases the lock on it.
-.SH "SEE ALSO"
-krb(3)
-.SH DIAGNOSTICS
-.SH BUGS
-The ticket file routines have to be called in a certain order.
-.SH AUTHORS
-Jennifer Steiner, MIT Project Athena
-.br
-Bill Bryant, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1987 Massachusetts Institute of Technology
diff --git a/kerberosIV/krb/tf_util.c b/kerberosIV/krb/tf_util.c
deleted file mode 100644
index 137d7e3bdce..00000000000
--- a/kerberosIV/krb/tf_util.c
+++ /dev/null
@@ -1,689 +0,0 @@
-/* $OpenBSD: tf_util.c,v 1.7 1998/05/18 00:54:00 art Exp $ */
-/* $KTH: tf_util.c,v 1.30 1998/04/22 13:10:15 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-#define TOO_BIG -1
-#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
- * retry if ticket file is
- * locked */
-#define TF_LCK_RETRY_COUNT (50) /* number of retries */
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-/*
- * fd must be initialized to something that won't ever occur as a real
- * file descriptor. Since open(2) returns only non-negative numbers as
- * valid file descriptors, and tf_init always stuffs the return value
- * from open in here even if it is an error flag, we must
- * a. Initialize fd to a negative number, to indicate that it is
- * not initially valid.
- * b. When checking for a valid fd, assume that negative values
- * are invalid (ie. when deciding whether tf_init has been
- * called.)
- * c. In tf_close, be sure it gets reinitialized to a negative
- * number.
- */
-static int fd = -1;
-static int curpos; /* Position in tfbfr */
-static int lastpos; /* End of tfbfr */
-static char tfbfr[BUFSIZ]; /* Buffer for ticket data */
-
-static int tf_gets(char *s, int n);
-static int tf_read(void *s, int n);
-
-/*
- * This file contains routines for manipulating the ticket cache file.
- *
- * The ticket file is in the following format:
- *
- * principal's name (null-terminated string)
- * principal's instance (null-terminated string)
- * CREDENTIAL_1
- * CREDENTIAL_2
- * ...
- * CREDENTIAL_n
- * EOF
- *
- * Where "CREDENTIAL_x" consists of the following fixed-length
- * fields from the CREDENTIALS structure (see "krb.h"):
- *
- * char service[ANAME_SZ]
- * char instance[INST_SZ]
- * char realm[REALM_SZ]
- * C_Block session
- * int lifetime
- * int kvno
- * KTEXT_ST ticket_st
- * u_int32_t issue_date
- *
- * Short description of routines:
- *
- * tf_init() opens the ticket file and locks it.
- *
- * tf_get_pname() returns the principal's name.
- *
- * tf_put_pname() writes the principal's name to the ticket file.
- *
- * tf_get_pinst() returns the principal's instance (may be null).
- *
- * tf_put_pinst() writes the instance.
- *
- * tf_get_cred() returns the next CREDENTIALS record.
- *
- * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
- *
- * tf_close() closes the ticket file and releases the lock.
- *
- * tf_gets() returns the next null-terminated string. It's an internal
- * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
- *
- * tf_read() reads a given number of bytes. It's an internal routine
- * used by tf_get_cred().
- */
-
-/*
- * tf_init() should be called before the other ticket file routines.
- * It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
- *
- * It tries to open the ticket file, checks the mode, and if everything
- * is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
- *
- * Returns KSUCCESS if all went well, otherwise one of the following:
- *
- * NO_TKT_FIL - file wasn't there
- * TKT_FIL_ACC - file was in wrong mode, etc.
- * TKT_FIL_LCK - couldn't lock the file, even after a retry
- */
-
-int
-tf_init(char *tf_name, int rw)
-{
- /* Unix implementation */
- int wflag;
- struct stat stat_buf;
- int i_retry;
-
- switch (rw) {
- case R_TKT_FIL:
- wflag = 0;
- break;
- case W_TKT_FIL:
- wflag = 1;
- break;
- default:
- if (krb_debug)
- krb_warning("tf_init: illegal parameter\n");
- return TKT_FIL_ACC;
- }
- if (lstat(tf_name, &stat_buf) < 0)
- switch (errno) {
- case ENOENT:
- return NO_TKT_FIL;
- default:
- return TKT_FIL_ACC;
- }
- if (!S_ISREG(stat_buf.st_mode))
- return TKT_FIL_ACC;
-
- /* The code tries to guess when the calling program is running
- * set-uid and prevent unauthorized access.
- *
- * All library functions now assume that the right set of userids
- * are set upon entry, therefore it's not strictly necessary to
- * perform these test for programs adhering to these assumptions.
- */
- {
- uid_t me = getuid();
- if (stat_buf.st_uid != me && me != 0)
- return TKT_FIL_ACC;
- }
-
- /*
- * If "wflag" is set, open the ticket file in append-writeonly mode
- * and lock the ticket file in exclusive mode. If unable to lock
- * the file, sleep and try again. If we fail again, return with the
- * proper error message.
- */
-
- curpos = sizeof(tfbfr);
-
-
- if (wflag) {
- fd = open(tf_name, O_RDWR | O_BINARY, 0600);
- if (fd < 0) {
- return TKT_FIL_ACC;
- }
- for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
- if (flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
- if (krb_debug)
- krb_warning("tf_init: retry %d of write lock of `%s'.\n",
- i_retry, tf_name);
- sleep (TF_LCK_RETRY);
- } else {
- return KSUCCESS; /* all done */
- }
- }
- close (fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- /*
- * Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
- */
-
- fd = open(tf_name, O_RDONLY | O_BINARY, 0600);
- if (fd < 0) {
- return TKT_FIL_ACC;
- }
-
- for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
- if (flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) {
- if (krb_debug)
- krb_warning("tf_init: retry %d of read lock of `%s'.\n",
- i_retry, tf_name);
- sleep (TF_LCK_RETRY);
- } else {
- return KSUCCESS; /* all done */
- }
- }
- /* failure */
- close(fd);
- fd = -1;
- return TKT_FIL_LCK;
-}
-
-/*
- * tf_create() should be called when creating a new ticket file.
- * The only argument is the name of the ticket file.
- * After calling this, it should be possible to use other tf_* functions.
- *
- * New algoritm for creating ticket file:
- * 1. try to erase contents of existing file.
- * 2. try to remove old file.
- * 3. try to open with O_CREAT and O_EXCL
- * 4. if this fails, someone has created a file in between 1 and 2 and
- * we should fail. Otherwise, all is wonderful.
- */
-
-int
-tf_create(char *tf_name)
-{
- struct stat statbuf;
- char garbage[BUFSIZ];
-
- fd = open(tf_name, O_RDWR | O_BINARY, 0);
- if (fd >= 0) {
- if (fstat (fd, &statbuf) == 0) {
- int i;
-
- for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
- write (fd, garbage, sizeof(garbage));
- }
- close (fd);
- }
-
- if (unlink (tf_name) && errno != ENOENT)
- return TKT_FIL_ACC;
-
- fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
- if (fd < 0)
- return TKT_FIL_ACC;
- if (flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
- sleep(TF_LCK_RETRY);
- if (flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
- close(fd);
- fd = -1;
- return TKT_FIL_LCK;
- }
- }
- return KSUCCESS;
-}
-
-/*
- * tf_get_pname() reads the principal's name from the ticket file. It
- * should only be called after tf_init() has been called. The
- * principal's name is filled into the "p" parameter. If all goes well,
- * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
- * returned. If the name was null, or EOF was encountered, or the name
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
- */
-
-int
-tf_get_pname(char *p)
-{
- if (fd < 0) {
- if (krb_debug)
- krb_warning("tf_get_pname called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
- {
- if (krb_debug)
- krb_warning ("tf_get_pname: pname < 2.\n");
- return TKT_FIL_FMT;
- }
- return KSUCCESS;
-}
-
-/*
- * tf_put_pname() sets the principal's name in the ticket file. Call
- * after tf_create().
- */
-
-int
-tf_put_pname(char *p)
-{
- unsigned count;
-
- if (fd < 0) {
- if (krb_debug)
- krb_warning("tf_put_pname called before tf_create.\n");
- return TKT_FIL_INI;
- }
- count = strlen(p)+1;
- if (write(fd,p,count) != count)
- return(KFAILURE);
- return KSUCCESS;
-}
-
-/*
- * tf_get_pinst() reads the principal's instance from a ticket file.
- * It should only be called after tf_init() and tf_get_pname() have been
- * called. The instance is filled into the "inst" parameter. If all
- * goes well, KSUCCESS is returned. If tf_init() wasn't called,
- * TKT_FIL_INI is returned. If EOF was encountered, or the instance
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
- */
-
-int
-tf_get_pinst(char *inst)
-{
- if (fd < 0) {
- if (krb_debug)
- krb_warning("tf_get_pinst called before tf_init.\n");
- return TKT_FIL_INI;
- }
- if (tf_gets(inst, INST_SZ) < 1)
- {
- if (krb_debug)
- krb_warning("tf_get_pinst: inst_sz < 1.\n");
- return TKT_FIL_FMT;
- }
- return KSUCCESS;
-}
-
-/*
- * tf_put_pinst writes the principal's instance to the ticket file.
- * Call after tf_create.
- */
-
-int
-tf_put_pinst(char *inst)
-{
- unsigned count;
-
- if (fd < 0) {
- if (krb_debug)
- krb_warning("tf_put_pinst called before tf_create.\n");
- return TKT_FIL_INI;
- }
- count = strlen(inst)+1;
- if (write(fd,inst,count) != count)
- return(KFAILURE);
- return KSUCCESS;
-}
-
-/*
- * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
- * in the given structure "c". It should only be called after tf_init(),
- * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
- * KSUCCESS is returned. Possible error codes are:
- *
- * TKT_FIL_INI - tf_init wasn't called first
- * TKT_FIL_FMT - bad format
- * EOF - end of file encountered
- */
-
-#define MAGIC_TICKET_NAME "magic"
-#define MAGIC_TICKET_INST "time-diff"
-
-int
-tf_get_cred(CREDENTIALS *c)
-{
- KTEXT ticket = &c->ticket_st; /* pointer to ticket */
- int k_errno;
-
- if (fd < 0) {
- if (krb_debug)
- krb_warning ("tf_get_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
-again:
- if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
- switch (k_errno) {
- case TOO_BIG:
- if (krb_debug)
- krb_warning("tf_get_cred: too big service cred.\n");
- case 1: /* can't be just a null */
- tf_close();
- if (krb_debug)
- krb_warning("tf_get_cred: null service cred.\n");
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
- switch (k_errno) {
- case TOO_BIG:
- if (krb_debug)
- krb_warning ("tf_get_cred: too big instance cred.\n");
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
- switch (k_errno) {
- case TOO_BIG:
- if (krb_debug)
- krb_warning ("tf_get_cred: too big realm cred.\n");
- case 1: /* can't be just a null */
- tf_close();
- if (krb_debug)
- krb_warning ("tf_get_cred: null realm cred.\n");
- return TKT_FIL_FMT;
- case 0:
- return EOF;
- }
- if (
- tf_read((c->session), DES_KEY_SZ) < 1 ||
- tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 ||
- tf_read(&(c->kvno), sizeof(c->kvno)) < 1 ||
- tf_read(&(ticket->length), sizeof(ticket->length))
- < 1 ||
- /* don't try to read a silly amount into ticket->dat */
- ticket->length > MAX_KTXT_LEN ||
- tf_read((ticket->dat), ticket->length) < 1 ||
- tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1
- ) {
- tf_close();
- if (krb_debug)
- krb_warning ("tf_get_cred: failed tf_read.\n");
- return TKT_FIL_FMT;
- }
- if(strcmp(c->service, MAGIC_TICKET_NAME) == 0 &&
- strcmp(c->instance, MAGIC_TICKET_INST) == 0) {
- /* we found the magic `time diff' ticket; update the kdc time
- differential, and then get the next ticket */
- u_int32_t d;
-
- krb_get_int(c->ticket_st.dat, &d, 4, 0);
- krb_set_kdc_time_diff(d);
- goto again;
- }
- return KSUCCESS;
-}
-
-/*
- * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
- * not a valid file descriptor, it just returns. It also clears the
- * buffer used to read tickets.
- *
- * The return value is not defined.
- */
-
-void
-tf_close(void)
-{
- if (!(fd < 0)) {
- flock(fd, K_LOCK_UN);
- close(fd);
- fd = -1; /* see declaration of fd above */
- }
- memset(tfbfr, 0, sizeof(tfbfr));
-}
-
-/*
- * tf_gets() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until either it has read "n" characters,
- * or until it reads a null byte. When finished, what has been read exists
- * in "s". If it encounters EOF or an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read (including null terminator)
- * when all goes well
- *
- * 0 end of file or read error
- *
- * TOO_BIG if "count" characters are read and no null is
- * encountered. This is an indication that the ticket
- * file is seriously ill.
- */
-
-static int
-tf_gets(char *s, int n)
-{
- int count;
-
- if (fd < 0) {
- if (krb_debug)
- krb_warning ("tf_gets called before tf_init.\n");
- return TKT_FIL_INI;
- }
- for (count = n - 1; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s = tfbfr[curpos++];
- if (*s++ == '\0')
- return (n - count);
- }
- tf_close();
- return TOO_BIG;
-}
-
-/*
- * tf_read() is an internal routine. It takes a string "s" and a count
- * "n", and reads from the file until "n" bytes have been read. When
- * finished, what has been read exists in "s". If it encounters EOF or
- * an error, it closes the ticket file.
- *
- * Possible return values are:
- *
- * n the number of bytes read when all goes well
- *
- * 0 on end of file or read error
- */
-
-static int
-tf_read(void *v, int n)
-{
- char *s = (char *)v;
- int count;
-
- for (count = n; count > 0; --count) {
- if (curpos >= sizeof(tfbfr)) {
- lastpos = read(fd, tfbfr, sizeof(tfbfr));
- curpos = 0;
- }
- if (curpos == lastpos) {
- tf_close();
- return 0;
- }
- *s++ = tfbfr[curpos++];
- }
- return n;
-}
-
-/*
- * tf_save_cred() appends an incoming ticket to the end of the ticket
- * file. You must call tf_init() before calling tf_save_cred().
- *
- * The "service", "instance", and "realm" arguments specify the
- * server's name; "session" contains the session key to be used with
- * the ticket; "kvno" is the server key version number in which the
- * ticket is encrypted, "ticket" contains the actual ticket, and
- * "issue_date" is the time the ticket was requested (local host's time).
- *
- * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
- * called previously, and KFAILURE for anything else that went wrong.
- */
-
-int
-tf_save_cred(char *service, /* Service name */
- char *instance, /* Instance */
- char *realm, /* Auth domain */
- unsigned char *session, /* Session key */
- int lifetime, /* Lifetime */
- int kvno, /* Key version number */
- KTEXT ticket, /* The ticket itself */
- u_int32_t issue_date) /* The issue time */
-{
- int count; /* count for write */
-
- if (fd < 0) { /* fd is ticket file as set by tf_init */
- if (krb_debug)
- krb_warning ("tf_save_cred called before tf_init.\n");
- return TKT_FIL_INI;
- }
- /* Find the end of the ticket file */
- lseek(fd, 0L, SEEK_END);
-
- /* Write the ticket and associated data */
- /* Service */
- count = strlen(service) + 1;
- if (write(fd, service, count) != count)
- goto bad;
- /* Instance */
- count = strlen(instance) + 1;
- if (write(fd, instance, count) != count)
- goto bad;
- /* Realm */
- count = strlen(realm) + 1;
- if (write(fd, realm, count) != count)
- goto bad;
- /* Session key */
- if (write(fd, session, 8) != 8)
- goto bad;
- /* Lifetime */
- if (write(fd, &lifetime, sizeof(int)) != sizeof(int))
- goto bad;
- /* Key vno */
- if (write(fd, &kvno, sizeof(int)) != sizeof(int))
- goto bad;
- /* Tkt length */
- if (write(fd, &(ticket->length), sizeof(int)) !=
- sizeof(int))
- goto bad;
- /* Ticket */
- count = ticket->length;
- if (write(fd, ticket->dat, count) != count)
- goto bad;
- /* Issue date */
- if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date))
- goto bad;
-
- return (KSUCCESS);
-bad:
- return (KFAILURE);
-}
-
-int
-tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
-{
- int ret;
- ret = tf_create(tkt_string());
- if (ret != KSUCCESS)
- return ret;
-
- if (tf_put_pname(pname) != KSUCCESS ||
- tf_put_pinst(pinst) != KSUCCESS) {
- tf_close();
- return INTK_ERR;
- }
-
- if(krb_get_kdc_time_diff() != 0) {
- /* Add an extra magic ticket containing the time differential
- to the kdc. The first ticket defines which realm we belong
- to, but since this ticket gets the same realm as the tgt,
- this shouldn't be a problem */
- CREDENTIALS magic;
- des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 };
- KTEXT_ST t;
- int d = krb_get_kdc_time_diff();
- krb_put_int(d, t.dat, 4);
- t.length = 4;
- tf_save_cred(MAGIC_TICKET_NAME, MAGIC_TICKET_INST, cred->realm, s,
- cred->lifetime, 0, &t, cred->issue_date);
- }
-
- ret = tf_save_cred(cred->service, cred->instance, cred->realm,
- cred->session, cred->lifetime, cred->kvno,
- &cred->ticket_st, cred->issue_date);
- tf_close();
- return ret;
-}
-
-int
-in_tkt(char *pname, char *pinst)
-{
- int ret;
-
- ret = tf_create (tkt_string());
- if (ret != KSUCCESS)
- return ret;
-
- if (tf_put_pname(pname) != KSUCCESS ||
- tf_put_pinst(pinst) != KSUCCESS) {
- tf_close();
- return INTK_ERR;
- }
-
- tf_close();
- return KSUCCESS;
-}
diff --git a/kerberosIV/krb/time.c b/kerberosIV/krb/time.c
deleted file mode 100644
index 4cfc9aeaff4..00000000000
--- a/kerberosIV/krb/time.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* $OpenBSD: time.c,v 1.3 1998/06/23 12:25:00 art Exp $ */
-/* $KTH: time.c,v 1.1 1998/02/19 19:12:55 joda Exp $ */
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* number of seconds the kdc clock is ahead of us */
-static int time_diff;
-
-void
-krb_set_kdc_time_diff(int diff)
-{
- time_diff = diff;
- if(krb_debug)
- krb_warning("Setting time diff to %d\n", diff);
-}
-
-int
-krb_get_kdc_time_diff(void)
-{
- return time_diff;
-}
-
-/* return the time at the kdc (local time corrected with a time
- differential) */
-void
-krb_kdctimeofday(struct timeval *tv)
-{
- time_t t;
-
- gettimeofday(tv, NULL);
- t = (time_t)tv->tv_sec;
-
- if(krb_debug)
- krb_warning("Machine time: %s", ctime(&t));
- tv->tv_sec += krb_get_kdc_time_diff();
- t = (time_t)tv->tv_sec;
- if(krb_debug)
- krb_warning("Correcting to %s", ctime(&t));
-}
diff --git a/kerberosIV/krb/tkt_string.c b/kerberosIV/krb/tkt_string.c
deleted file mode 100644
index 97b6f6a3e92..00000000000
--- a/kerberosIV/krb/tkt_string.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* $OpenBSD: tkt_string.c,v 1.8 1998/05/18 00:54:02 art Exp $ */
-/* $KTH: tkt_string.c,v 1.13 1998/04/04 17:56:53 assar Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * This routine is used to generate the name of the file that holds
- * the user's cache of server tickets and associated session keys.
- *
- * If it is set, krb_ticket_string contains the ticket file name.
- * Otherwise, the filename is constructed as follows:
- *
- * If it is set, the environment variable "KRBTKFILE" will be used as
- * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
- * the user's uid are concatenated to produce the ticket file name
- * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
- * file name is returned.
- */
-
-static char krb_ticket_string[MAXPATHLEN] = "";
-
-char *
-tkt_string(void)
-{
- char *env;
-
- if (krb_ticket_string[0] == '\0') {
- if ((env = getenv("KRBTKFILE"))) {
- strncpy(krb_ticket_string, env,
- sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
- } else {
- snprintf(krb_ticket_string, sizeof(krb_ticket_string),
- "%s%u",TKT_ROOT,(unsigned)getuid());
- }
- }
- return krb_ticket_string;
-}
-
-/*
- * This routine is used to set the name of the file that holds the user's
- * cache of server tickets and associated session keys.
- *
- * The value passed in is copied into local storage.
- *
- * NOTE: This routine should be called during initialization, before other
- * Kerberos routines are called; otherwise tkt_string() above may be called
- * and return an undesired ticket file name until this routine is called.
- */
-
-void
-krb_set_tkt_string(const char *val)
-{
-
- strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
- krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
-
- return;
-}
diff --git a/kerberosIV/krb/unparse_name.c b/kerberosIV/krb/unparse_name.c
deleted file mode 100644
index 78f3675a775..00000000000
--- a/kerberosIV/krb/unparse_name.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* $OpenBSD: unparse_name.c,v 1.3 1997/12/09 09:07:09 art Exp $ */
-/* $KTH: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-static void
-quote_string(char *quote, char *from, char *to)
-{
- while(*from){
- if(strchr(quote, *from))
- *to++ = '\\';
- *to++ = *from++;
- }
- *to = 0;
-}
-
-/* To be compatible with old functions, we quote differently in each
- part of the principal*/
-
-char *
-krb_unparse_name_r(krb_principal *pr, char *fullname)
-{
- quote_string("'@\\", pr->name, fullname);
- if(pr->instance[0]){
- strncat(fullname, ".", MAXPATHLEN - strlen(fullname));
- fullname[MAXPATHLEN-1] = '\0';
- quote_string("@\\", pr->instance, fullname + strlen(fullname));
- }
- if(pr->realm[0]){
- strncat(fullname, "@", MAXPATHLEN - strlen(fullname));
- fullname[MAXPATHLEN-1] = '\0';
- quote_string("\\", pr->realm, fullname + strlen(fullname));
- }
- return fullname;
-}
-
-char *
-krb_unparse_name_long_r(char *name, char *instance, char *realm,
- char *fullname)
-{
- krb_principal pr;
- memset(&pr, 0, sizeof(pr));
- strncpy(pr.name, name, ANAME_SZ-1);
- pr.name[ANAME_SZ-1] = '\0';
- if(instance != NULL){
- strncpy(pr.instance, instance, INST_SZ-1);
- pr.instance[INST_SZ-1] = '\0';
- }
- if(realm != NULL){
- strncpy(pr.realm, realm, REALM_SZ-1);
- pr.realm[REALM_SZ-1] = '\0';
- }
- return krb_unparse_name_r(&pr, fullname);
-}
-
-char *
-krb_unparse_name(krb_principal *pr)
-{
- static char principal[MAX_K_NAME_SZ];
- krb_unparse_name_r(pr, principal);
- return principal;
-}
-
-char *
-krb_unparse_name_long(char *name, char *instance, char *realm)
-{
- krb_principal pr;
- memset(&pr, 0, sizeof(pr));
- strncpy(pr.name, name, ANAME_SZ-1);
- pr.name[ANAME_SZ-1] = '\0';
- if(instance != NULL){
- strncpy(pr.instance, instance, INST_SZ-1);
- pr.instance[INST_SZ-1] = '\0';
- }
- if(realm != NULL){
- strncpy(pr.realm, realm, REALM_SZ-1);
- pr.realm[REALM_SZ-1] = '\0';
- }
- return krb_unparse_name(&pr);
-}
diff --git a/kerberosIV/krb/util.c b/kerberosIV/krb/util.c
deleted file mode 100644
index a7dbaa71a83..00000000000
--- a/kerberosIV/krb/util.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: util.c,v 1.4 1998/02/25 15:51:47 art Exp $ */
-/* $KTH: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- *
- */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "krb_locl.h"
-
-/*
- * Print some of the contents of the given authenticator structure
- * (AUTH_DAT defined in "krb.h"). Fields printed are:
- *
- * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
- */
-
-void
-ad_print(AUTH_DAT *x)
-{
- /*
- * Print the contents of an auth_dat struct.
- */
- struct in_addr address;
- address.s_addr = x->address;
- printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key",
- x->pname, x->pinst, x->prealm,
- inet_ntoa(address), x->k_flags,
- x->checksum, x->time_sec);
- printf("[8] =");
-#ifdef NOENCRYPTION
- placebo_cblock_print(x->session);
-#else
- des_cblock_print_file(&x->session,stdout);
-#endif
- /* skip reply for now */
-}
-
-/*
- * Print in hex the 8 bytes of the given session key.
- *
- * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
- */
-
-#ifdef NOENCRYPTION
-placebo_cblock_print(x)
- des_cblock x;
-{
- unsigned char *y = (unsigned char *) x;
- int i = 0;
-
- printf(" 0x { ");
-
- while (i++ <8) {
- printf("%x",*y++);
- if (i<8) printf(", ");
- }
- printf(" }");
-}
-#endif
diff --git a/kerberosIV/krb/verify_user.c b/kerberosIV/krb/verify_user.c
deleted file mode 100644
index a9f064fa9be..00000000000
--- a/kerberosIV/krb/verify_user.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* $OpenBSD: verify_user.c,v 1.4 1998/05/18 00:54:03 art Exp $ */
-/* $KTH: verify_user.c,v 1.11 1997/12/24 14:32:38 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-/* Verify user with password. If secure, also verify against local
- * service key, this can (usually) only be done by root.
- *
- * As a side effect, fresh tickets are obtained.
- *
- * srvtab is where the key is found.
- *
- * Returns zero if ok, a positive kerberos error or -1 for system
- * errors.
- */
-
-int
-krb_verify_user_srvtab(char *name,
- char *instance,
- char *realm,
- char *password,
- int secure,
- char *linstance,
- char *srvtab)
-{
- int ret;
- ret = krb_get_pw_in_tkt(name, instance, realm,
- KRB_TICKET_GRANTING_TICKET,
- realm,
- DEFAULT_TKT_LIFE, password);
- if(ret != KSUCCESS)
- return ret;
-
- if(secure){
- struct hostent *hp;
- int32_t addr;
-
- KTEXT_ST ticket;
- AUTH_DAT auth;
-
- char lrealm[REALM_SZ];
- char hostname[MAXHOSTNAMELEN];
- char *phost;
-
- if (gethostname(hostname, sizeof(hostname)) == -1) {
- dest_tkt();
- return -1;
- }
-
- hp = gethostbyname(hostname);
- if(hp == NULL){
- dest_tkt();
- return -1;
- }
- memcpy(&addr, hp->h_addr, sizeof(addr));
-
- ret = krb_get_lrealm(lrealm, 1);
- if(ret != KSUCCESS){
- dest_tkt();
- return ret;
- }
- phost = krb_get_phost(hostname);
-
- if (linstance == NULL)
- linstance = "rcmd";
-
- ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
- if(ret != KSUCCESS){
- dest_tkt();
- return ret;
- }
-
- ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, srvtab);
- if(ret != KSUCCESS){
- dest_tkt();
- return ret;
- }
- }
- return 0;
-}
-
-/*
- * Compat function without srvtab.
- */
-
-int
-krb_verify_user(char *name,
- char *instance,
- char *realm,
- char *password,
- int secure,
- char *linstance)
-{
- return krb_verify_user_srvtab (name,
- instance,
- realm,
- password,
- secure,
- linstance,
- "");
-}
diff --git a/kerberosIV/krb/version.c b/kerberosIV/krb/version.c
deleted file mode 100644
index 3c2a7132bc2..00000000000
--- a/kerberosIV/krb/version.c
+++ /dev/null
@@ -1,5 +0,0 @@
-/* $OpenBSD: version.c,v 1.3 1998/02/18 11:54:06 art Exp $ */
-#include <version.h>
-
-char *krb4_long_version = "@(#)$Version: "VERSION;
-char *krb4_version = VERSION;
diff --git a/kerberosIV/ksrvtgt/Makefile b/kerberosIV/ksrvtgt/Makefile
deleted file mode 100644
index 28025791f91..00000000000
--- a/kerberosIV/ksrvtgt/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:51 tholo Exp $
-
-PROG= ksrvtgt
-CFLAGS+=-DKERBEROS
-DPADD= ${LIBKRB} ${LIBDES}
-LDADD= -lkrb -ldes
-BINDIR= /usr/bin
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/ksrvtgt/ksrvtgt.1 b/kerberosIV/ksrvtgt/ksrvtgt.1
deleted file mode 100644
index 558c501934e..00000000000
--- a/kerberosIV/ksrvtgt/ksrvtgt.1
+++ /dev/null
@@ -1,73 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: ksrvtgt.1,v 1.4 1998/02/25 15:51:48 art Exp $
-.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
-service key
-.SH SYNOPSIS
-.B ksrvtgt
-name instance [[realm] srvtab]
-.SH DESCRIPTION
-.I ksrvtgt
-retrieves a ticket-granting ticket with a lifetime of five (5) minutes
-for the principal
-.I name.instance@realm
-(or
-.I name.instance@localrealm
-if
-.I realm
-is not supplied on the command line), decrypts the response using
-the service key found in
-.I srvtab
-(or in
-.B /etc/kerberosIV/srvtab
-if
-.I srvtab
-is not specified on the command line), and stores the ticket in the
-standard ticket cache.
-.PP
-This command is intended primarily for use in shell scripts and other
-batch-type facilities.
-.SH DIAGNOSTICS
-"Generic kerberos failure (kfailure)" can indicate a whole range of
-problems, the most common of which is the inability to read the service
-key file.
-.SH FILES
-.TP 2i
-/etc/kerberosIV/krb.conf
-to get the name of the local realm.
-.TP
-/tmp/tkt[uid]
-The default ticket file.
-.TP
-/etc/kerberosIV/srvtab
-The default service key file.
-.SH SEE ALSO
-kerberos(1), kinit(1), kdestroy(1)
diff --git a/kerberosIV/ksrvtgt/ksrvtgt.c b/kerberosIV/ksrvtgt/ksrvtgt.c
deleted file mode 100644
index edb2dc715f6..00000000000
--- a/kerberosIV/ksrvtgt/ksrvtgt.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* $OpenBSD: ksrvtgt.c,v 1.5 1998/02/25 15:51:50 art Exp $ */
-
-/*
- * This source code is no longer held under any constraint of USA
- * `cryptographic laws' since it was exported legally. The cryptographic
- * functions were removed from the code and a "Bones" distribution was
- * made. A Commodity Jurisdiction Request #012-94 was filed with the
- * USA State Department, who handed it to the Commerce department. The
- * code was determined to fall under General License GTDA under ECCN 5D96G,
- * and hence exportable. The cryptographic interfaces were re-added by Eric
- * Young, and then KTH proceeded to maintain the code in the free world.
- */
-
-/*-
- * Copyright (C) 1988 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/param.h>
-#include <des.h>
-#include <kerberosIV/krb.h>
-
-const char rcsid[] =
- "$Id: ksrvtgt.c,v 1.5 1998/02/25 15:51:50 art Exp $";
-
-main(argc,argv)
- int argc;
- char **argv;
-{
- char realm[REALM_SZ + 1];
- register int code;
- char srvtab[MAXPATHLEN + 1];
-
- bzero(realm, sizeof(realm));
- bzero(srvtab, sizeof(srvtab));
-
- if (argc < 3 || argc > 5) {
- fprintf(stderr, "Usage: %s name instance [[realm] srvtab]\n",
- argv[0]);
- exit(1);
- }
-
- if (argc == 4)
- (void) strncpy(srvtab, argv[3], sizeof(srvtab) -1);
-
- if (argc == 5) {
- (void) strncpy(realm, argv[3], sizeof(realm) - 1);
- (void) strncpy(srvtab, argv[4], sizeof(srvtab) -1);
- }
-
- if (srvtab[0] == 0)
- (void) strcpy(srvtab, KEYFILE);
-
- if (realm[0] == 0)
- if (krb_get_lrealm(realm, 1) != KSUCCESS)
- exit(1);
-
- code = krb_get_svc_in_tkt(argv[1], argv[2], realm,
- "krbtgt", realm, 1, srvtab);
- if (code)
- fprintf(stderr, "%s\n", krb_err_txt[code]);
- exit(code);
-}
diff --git a/kerberosIV/ksrvutil/Makefile b/kerberosIV/ksrvutil/Makefile
deleted file mode 100644
index 94dc17c2e2f..00000000000
--- a/kerberosIV/ksrvutil/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# $OpenBSD: Makefile,v 1.5 1997/12/17 07:50:16 art Exp $
-
-.include <bsd.obj.mk>
-
-SRCS= ksrvutil.c ksrvutil_get.c
-PROG= ksrvutil
-.if exists(${.CURDIR}/../kadm/${__objdir})
-CFLAGS+=-I${.CURDIR}/../kadm/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../kadm
-.endif
-.if exists(${.CURDIR}/../krb/${__objdir})
-CFLAGS+=-I${.CURDIR}/../krb/${__objdir}
-.else
-CFLAGS+=-I${.CURDIR}/../krb
-.endif
-LDADD+= -lkadm -lkrb -ldes -lcom_err
-DPADD+= ${LIBKADM} ${LIBKRB} ${LIBDES} ${LIBCOM_ERR}
-MAN= ksrvutil.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/ksrvutil/ksrvutil.8 b/kerberosIV/ksrvutil/ksrvutil.8
deleted file mode 100644
index 65227821d84..00000000000
--- a/kerberosIV/ksrvutil/ksrvutil.8
+++ /dev/null
@@ -1,124 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: ksrvutil.8,v 1.5 1998/02/25 15:51:51 art Exp $
-.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvutil \- host kerberos keyfile (srvtab) manipulation utility
-.SH SYNOPSIS
-ksrvutil
-.B operation
-[
-.B \-k
-] [
-.B \-i
-] [
-.B \-a
-] [
-.B \-f filename
-]
-.SH DESCRIPTION
-.I ksrvutil
-allows a system manager to list or change keys currently in his
-keyfile or to add new keys to the keyfile.
-.PP
-
-Operation must be one of the following:
-.TP 10n
-.I list
-lists the keys in a keyfile showing version number and principal
-name. If the \-k option is given, keys will also be shown.
-.TP 10n
-.I change
-changes all the keys in the keyfile by using the regular admin
-protocol. If the \-i flag is given,
-.I ksrvutil
-will prompt for yes or no before changing each key. If the \-k
-option is used, the old and new keys will be displayed.
-.TP 10n
-.I add
-allows the user to add a key.
-.I add
-prompts for name, instance, realm, and key version number, asks
-for confirmation, and then asks for a password.
-.I ksrvutil
-then converts the password to a key and appends the keyfile with
-the new information. If the \-k option is used, the key is
-displayed.
-
-.PP
-In all cases, the default file used is KEY_FILE as defined in
-krb.h unless this is overridden by the \-f option.
-
-.PP
-A good use for
-.I ksrvutil
-would be for adding keys to a keyfile. A system manager could
-ask a kerberos administrator to create a new service key with
-.IR kadmin (8)
-and could supply an initial password. Then, he could use
-.I ksrvutil
-to add the key to the keyfile and then to change the key so that
-it will be random and unknown to either the system manager or
-the kerberos administrator.
-
-.PP
-If the \-a option is given,
-.I ksrvutil
-uses the AFS string-to-key function. Use this if you are running
-an AFS kaserver.
-
-.PP
-.I ksrvutil
-always makes a backup copy of the keyfile before making any
-changes.
-
-.SH DIAGNOSTICS
-If
-.I ksrvutil
-should exit on an error condition at any time during a change or
-add, a copy of the
-original keyfile can be found in
-.IR filename .old
-where
-.I filename
-is the name of the keyfile, and a copy of the file with all new
-keys changed or added so far can be found in
-.IR filename .work.
-The original keyfile is left unmodified until the program exits
-at which point it is removed and replaced it with the workfile.
-Appending the workfile to the backup copy and replacing the
-keyfile with the result should always give a usable keyfile,
-although the resulting keyfile will have some out of date keys
-in it.
-
-.SH SEE ALSO
-kadmin(8), ksrvtgt(1)
-
-.SH AUTHOR
-Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/kerberosIV/ksrvutil/ksrvutil.c b/kerberosIV/ksrvutil/ksrvutil.c
deleted file mode 100644
index 5fd37b25fb8..00000000000
--- a/kerberosIV/ksrvutil/ksrvutil.c
+++ /dev/null
@@ -1,612 +0,0 @@
-/* $OpenBSD: ksrvutil.c,v 1.6 1999/05/23 17:19:24 aaron Exp $ */
-/* $KTH: ksrvutil.c,v 1.39 1997/05/02 14:28:52 assar Exp $ */
-
-/*
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * list and update contents of srvtab files
- */
-
-/*
- * ksrvutil
- * list and update the contents of srvtab files
- */
-
-#include "kadm_locl.h"
-
-#include "ksrvutil.h"
-
-#ifdef NOENCRYPTION
-#define read_long_pw_string placebo_read_pw_string
-#else /* NOENCRYPTION */
-#define read_long_pw_string des_read_pw_string
-#endif /* NOENCRYPTION */
-
-#define SRVTAB_MODE 0600 /* rw------- */
-#define PAD " "
-#define VNO_HEADER "Version"
-#define VNO_FORMAT "%4d "
-#define KEY_HEADER " Key " /* 17 characters long */
-#define PRINC_HEADER " Principal\n"
-#define PRINC_FORMAT "%s"
-
-char u_name[ANAME_SZ];
-char u_inst[INST_SZ];
-char u_realm[REALM_SZ];
-
-char progname[] = "ksrvutil";
-
-int destroyp = FALSE; /* Should the ticket file be destroyed? */
-
-static unsigned short
-get_mode(char *filename)
-{
- struct stat statbuf;
- unsigned short mode;
-
- memset(&statbuf, 0, sizeof(statbuf));
-
- if (stat(filename, &statbuf) < 0)
- mode = SRVTAB_MODE;
- else
- mode = statbuf.st_mode;
-
- return(mode);
-}
-
-static void
-copy_keyfile(char *keyfile, char *backup_keyfile)
-{
- int keyfile_fd;
- int backup_keyfile_fd;
- int keyfile_mode;
- char buf[BUFSIZ]; /* for copying keyfiles */
- int rcount; /* for copying keyfiles */
- int try_again;
-
- memset(buf, 0, sizeof(buf));
-
- do {
- try_again = FALSE;
- if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
- if (errno != ENOENT)
- err (1, "read %s", keyfile);
- else {
- try_again = TRUE;
- if ((keyfile_fd =
- open(keyfile,
- O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0)
- err(1, "create %s", keyfile);
- else
- if (close(keyfile_fd) < 0)
- err (1, "close %s", keyfile);
- }
- }
- } while(try_again);
-
- keyfile_mode = get_mode(keyfile);
-
- if ((backup_keyfile_fd =
- open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT,
- keyfile_mode)) < 0)
- err (1, "write %s", backup_keyfile);
- do {
- if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0)
- err (1, "read %s", keyfile);
- if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount))
- err (1, "write %s", backup_keyfile);
- } while (rcount);
- if (close(backup_keyfile_fd) < 0)
- err(1, "close %s", backup_keyfile);
- if (close(keyfile_fd) < 0)
- err(1, "close %s", keyfile);
-}
-
-void
-leave(char *str, int x)
-{
- if (str)
- fprintf(stderr, "%s\n", str);
- if (destroyp)
- dest_tkt();
- exit(x);
-}
-
-void
-safe_read_stdin(char *prompt, char *buf, size_t size)
-{
- printf("%s", prompt);
- fflush(stdout);
- memset(buf, 0, size);
- if (read(0, buf, size - 1) < 0) {
- warn("read stdin");
- leave(NULL, 1);
- }
- buf[strlen(buf)-1] = 0;
-}
-
-void
-safe_write(char *filename, int fd, void *buf, size_t len)
-{
- if (write(fd, buf, len) != len) {
- warn("write %s", filename);
- close(fd);
- leave("In progress srvtab in this file.", 1);
- }
-}
-
-static int
-yes_no(char *string, int dflt)
-{
- char ynbuf[5];
-
- printf("%s (y,n) [%c]", string, dflt?'y':'n');
- for (;;) {
- safe_read_stdin("", ynbuf, sizeof(ynbuf));
-
- if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N'))
- return(0);
- else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y'))
- return(1);
- else if(ynbuf[0] == 0)
- return dflt;
- else {
- printf("Please enter 'y' or 'n': ");
- fflush(stdout);
- }
- }
-}
-
-int yn(char *string)
-{
- return yes_no(string, 1);
-}
-
-int ny(char *string)
-{
- return yes_no(string, 0);
-}
-
-static void
-append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, unsigned char key_vno, unsigned char *key)
-{
- /* Add one to append null */
- safe_write(filename, fd, sname, strlen(sname) + 1);
- safe_write(filename, fd, sinst, strlen(sinst) + 1);
- safe_write(filename, fd, srealm, strlen(srealm) + 1);
- safe_write(filename, fd, &key_vno, 1);
- safe_write(filename, fd, key, sizeof(des_cblock));
- fsync(fd);
-}
-
-static void
-print_key(unsigned char *key)
-{
- int i;
-
- for (i = 0; i < 4; i++)
- printf("%02x", key[i]);
- printf(" ");
- for (i = 4; i < 8; i++)
- printf("%02x", key[i]);
-}
-
-static void
-print_name(char *name, char *inst, char *realm)
-{
- printf("%s", krb_unparse_name_long(name, inst, realm));
-}
-
-static int
-get_svc_new_key(des_cblock *new_key, char *sname, char *sinst,
- char *srealm, char *keyfile)
-{
- int status = KADM_SUCCESS;
-
- if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
- KADM_SINST, 1, keyfile)) == KSUCCESS) &&
- ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, srealm)) ==
- KADM_SUCCESS)) {
-#ifdef NOENCRYPTION
- memset(new_key, 0, sizeof(des_cblock));
- (*new_key)[0] = (unsigned char) 1;
-#else /* NOENCRYPTION */
- des_new_random_key(new_key);
-#endif /* NOENCRYPTION */
- return(KADM_SUCCESS);
- }
-
- return(status);
-}
-
-static void
-get_key_from_password(des_cblock (*key), char *cellname)
-{
- char password[MAX_KPW_LEN]; /* storage for the password */
-
- if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
- leave("Error reading password.", 1);
-
-#ifdef NOENCRYPTION
- memset(key, 0, sizeof(des_cblock));
- (*key)[0] = (unsigned char) 1;
-#else /* NOENCRYPTION */
- if (strlen(cellname) == 0)
- des_string_to_key(password, key);
- else
- afs_string_to_key(password, cellname, key);
-#endif /* NOENCRYPTION */
- memset(password, 0, sizeof(password));
-}
-
-static void
-usage(void)
-{
- fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
- fprintf(stderr, "[-p principal] [-r realm] ");
- fprintf(stderr, "[-c AFS cellname] ");
- fprintf(stderr, "{list | change | add | get}\n");
- fprintf(stderr, " -i causes the program to ask for ");
- fprintf(stderr, "confirmation before changing keys.\n");
- fprintf(stderr, " -k causes the key to printed for list or ");
- fprintf(stderr, "change.\n");
- exit(1);
-}
-
-int
-main(int argc, char **argv)
-{
- char sname[ANAME_SZ]; /* name of service */
- char sinst[INST_SZ]; /* instance of service */
- char srealm[REALM_SZ]; /* realm of service */
- unsigned char key_vno; /* key version number */
- int status; /* general purpose error status */
- des_cblock new_key;
- des_cblock old_key;
- char change_tkt[MAXPATHLEN]; /* Ticket to use for key change */
- char keyfile[MAXPATHLEN]; /* Original keyfile */
- char work_keyfile[MAXPATHLEN]; /* Working copy of keyfile */
- char backup_keyfile[MAXPATHLEN]; /* Backup copy of keyfile */
- unsigned short keyfile_mode; /* Protections on keyfile */
- int work_keyfile_fd = -1; /* Initialize so that */
- int backup_keyfile_fd = -1; /* compiler doesn't complain */
- char local_realm[REALM_SZ]; /* local kerberos realm */
- char cellname[1024]; /* AFS cell name */
- int c;
- int interactive = FALSE;
- int list = FALSE;
- int change = FALSE;
- int add = FALSE;
- int get = FALSE;
- int key = FALSE; /* do we show keys? */
- int arg_entered = FALSE;
- int change_this_key = FALSE;
- char databuf[BUFSIZ];
- int first_printed = FALSE; /* have we printed the first item? */
-
- memset(sname, 0, sizeof(sname));
- memset(sinst, 0, sizeof(sinst));
- memset(srealm, 0, sizeof(srealm));
-
- memset(change_tkt, 0, sizeof(change_tkt));
- memset(keyfile, 0, sizeof(keyfile));
- memset(work_keyfile, 0, sizeof(work_keyfile));
- memset(backup_keyfile, 0, sizeof(backup_keyfile));
- memset(local_realm, 0, sizeof(local_realm));
- memset(cellname, 0, sizeof(cellname));
-
- if (krb_get_default_principal(u_name, u_inst, u_realm) < 0)
- errx (1, "could not get default principal");
-
- /* This is used only as a default for adding keys */
- if (krb_get_lrealm(local_realm, 1) != KSUCCESS) {
- strncpy(local_realm, KRB_REALM, REALM_SZ - 1);
- local_realm[REALM_SZ - 1] = '\0';
- }
-
- while((c = getopt(argc, argv, "ikc:f:p:r:")) != -1) {
- switch (c) {
- case 'i':
- interactive++;
- break;
- case 'k':
- key++;
- break;
- case 'c':
- strcpy(cellname, optarg);
- break;
- case 'f':
- strcpy(keyfile, optarg);
- break;
- case 'p':
- if((status = kname_parse (u_name, u_inst, u_realm, optarg)) !=
- KSUCCESS)
- errx (1, "principal %s: %s", optarg,
- krb_get_err_text(status));
- break;
- case 'r':
- strcpy(u_realm, optarg);
- break;
- case '?':
- usage();
- }
- }
- if (optind >= argc)
- usage();
- if (*u_realm == '\0')
- strcpy (u_realm, local_realm);
- if (strcmp(argv[optind], "list") == 0) {
- if (arg_entered)
- usage();
- else {
- arg_entered++;
- list++;
- }
- }
- else if (strcmp(argv[optind], "change") == 0) {
- if (arg_entered)
- usage();
- else {
- arg_entered++;
- change++;
- }
- }
- else if (strcmp(argv[optind], "add") == 0) {
- if (arg_entered)
- usage();
- else {
- arg_entered++;
- add++;
- }
- }
- else if (strcmp(argv[optind], "get") == 0) {
- if (arg_entered)
- usage();
- else {
- arg_entered++;
- get++;
- }
- }
- else
- usage();
- ++optind;
-
- if (!arg_entered)
- usage();
-
- if (!keyfile[0])
- strcpy(keyfile, KEYFILE);
-
- strcpy(work_keyfile, keyfile);
- strcpy(backup_keyfile, keyfile);
-
- if (change || add || get) {
- strcat(work_keyfile, ".work");
- strcat(backup_keyfile, ".old");
-
- copy_keyfile(keyfile, backup_keyfile);
- }
-
- if (add || get)
- copy_keyfile(backup_keyfile, work_keyfile);
-
- keyfile_mode = get_mode(keyfile);
-
- if (change || list)
- if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0)
- err (1, "open %s", backup_keyfile);
-
- if (change) {
- if ((work_keyfile_fd =
- open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC,
- SRVTAB_MODE)) < 0)
- err (1, "creat %s", work_keyfile);
- }
- else if (add) {
- if ((work_keyfile_fd =
- open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0)
- err (1, "open with append %s", work_keyfile );
- }
- else if (get) {
- if ((work_keyfile_fd =
- open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0)
- err (1, "open for writing %s", work_keyfile);
- }
-
- if (change || list) {
- while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) &&
- (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) &&
- (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) &&
- (read(backup_keyfile_fd, &key_vno, 1) > 0) &&
- (read(backup_keyfile_fd, old_key, sizeof(old_key)) > 0)) {
- if (list) {
- if (!first_printed) {
- printf(VNO_HEADER);
- printf(PAD);
- if (key) {
- printf(KEY_HEADER);
- printf(PAD);
- }
- printf(PRINC_HEADER);
- first_printed = 1;
- }
- printf(VNO_FORMAT, key_vno);
- printf(PAD);
- if (key) {
- print_key(old_key);
- printf(PAD);
- }
- print_name(sname, sinst, srealm);
- printf("\n");
- }
- else if (change) {
- snprintf(change_tkt, sizeof(change_tkt),
- TKT_ROOT "_ksrvutil.%u",
- (unsigned)getpid());
- krb_set_tkt_string(change_tkt);
- destroyp = TRUE;
-
- printf("\nPrincipal: ");
- print_name(sname, sinst, srealm);
- printf("; version %d\n", key_vno);
- if (interactive)
- change_this_key = yn("Change this key?");
- else if (change)
- change_this_key = 1;
- else
- change_this_key = 0;
-
- if (change_this_key)
- printf("Changing to version %d.\n", key_vno + 1);
- else if (change)
- printf("Not changing this key.\n");
-
- if (change_this_key) {
- /*
- * This is not a good choice of seed when/if the
- * key has been compromised so we also use a
- * random sequence number!
- */
- des_init_random_number_generator(&old_key);
-#if 0 /* kth-krb has own addidtions to libdes */
- {
- des_cblock seqnum;
- des_generate_random_block(&seqnum);
- des_set_sequence_number((unsigned char *)&seqnum);
- }
-#endif
- /*
- * Pick a new key and determine whether or not
- * it is safe to change
- */
- if ((status =
- get_svc_new_key(&new_key, sname, sinst,
- srealm, keyfile)) == KADM_SUCCESS)
- key_vno++;
- else {
- memcpy(new_key, old_key, sizeof(new_key));
- warnx ("Key NOT changed: %s\n",
- krb_get_err_text(status));
- change_this_key = FALSE;
- }
- }
- else
- memcpy(new_key, old_key, sizeof(new_key));
- append_srvtab(work_keyfile, work_keyfile_fd,
- sname, sinst, srealm, key_vno, new_key);
- if (key && change_this_key) {
- printf("Old key: ");
- print_key(old_key);
- printf("; new key: ");
- print_key(new_key);
- printf("\n");
- }
- if (change_this_key) {
- if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) {
- printf("Key changed.\n");
- dest_tkt();
- }
- else {
- com_err(progname, status,
- " attempting to change password.");
- dest_tkt();
- /* XXX This knows the format of a keyfile */
- if (lseek(work_keyfile_fd, -9, SEEK_CUR) >= 0) {
- key_vno--;
- safe_write(work_keyfile,
- work_keyfile_fd, &key_vno, 1);
- safe_write(work_keyfile, work_keyfile_fd,
- old_key, sizeof(des_cblock));
- fsync(work_keyfile_fd);
- fprintf(stderr,"Key NOT changed.\n");
- } else {
- warn ("Unable to revert keyfile");
- leave("", 1);
- }
- }
- }
- }
- memset(old_key, 0, sizeof(des_cblock));
- memset(new_key, 0, sizeof(des_cblock));
- }
- }
- else if (add) {
- do {
- do {
- safe_read_stdin("Name: ", databuf, sizeof(databuf));
- strncpy(sname, databuf, sizeof(sname) - 1);
- sname[sizeof(sname) - 1] = '\0';
- if (strchr(sname, '.') != 0) {
- strncpy(sinst, strchr(sname, '.') + 1, sizeof(sinst) - 1);
- sinst[sizeof(sinst) - 1] = '\0';
- *(strchr(sname, '.')) = 0;
- } else {
- safe_read_stdin("Instance: ", databuf, sizeof(databuf));
- strncpy(sinst, databuf, sizeof(sinst) - 1);
- sinst[sizeof(sinst) - 1] = '\0';
- }
- safe_read_stdin("Realm: ", databuf, sizeof(databuf));
- strncpy(srealm, databuf, sizeof(srealm) - 1);
- srealm[sizeof(srealm) - 1] = '\0';
- safe_read_stdin("Version number: ", databuf, sizeof(databuf));
- key_vno = atoi(databuf);
- if (key_vno == 0)
- key_vno = 1; /* Version numbers are never 0 */
- if (!srealm[0]) {
- strncpy(srealm, local_realm, sizeof(srealm) - 1);
- srealm[sizeof(srealm) - 1] = '\0';
- }
- printf("New principal: ");
- print_name(sname, sinst, srealm);
- printf("; version %d\n", key_vno);
- } while (!yn("Is this correct?"));
- get_key_from_password(&new_key, cellname);
- if (key) {
- printf("Key: ");
- print_key(new_key);
- printf("\n");
- }
- append_srvtab(work_keyfile, work_keyfile_fd,
- sname, sinst, srealm, key_vno, new_key);
- printf("Key successfully added.\n");
- } while (yn("Would you like to add another key?"));
- }
- else if (get) {
- ksrvutil_get(work_keyfile_fd, work_keyfile,
- argc - optind, argv + optind);
- }
-
- if (change || list)
- if (close(backup_keyfile_fd) < 0)
- warn ("close %s", backup_keyfile);
-
- if (change || add || get) {
- if (close(work_keyfile_fd) < 0)
- err (1, "close %s", work_keyfile);
- if (rename(work_keyfile, keyfile) < 0)
- err (1, "rename(%s, %s)", work_keyfile, keyfile);
- chmod(backup_keyfile, keyfile_mode);
- chmod(keyfile, keyfile_mode);
- printf("Old keyfile in %s.\n", backup_keyfile);
- }
- return 0;
-}
diff --git a/kerberosIV/ksrvutil/ksrvutil_get.c b/kerberosIV/ksrvutil/ksrvutil_get.c
deleted file mode 100644
index b199e713077..00000000000
--- a/kerberosIV/ksrvutil/ksrvutil_get.c
+++ /dev/null
@@ -1,429 +0,0 @@
-/* $OpenBSD: ksrvutil_get.c,v 1.1 1997/12/17 07:50:17 art Exp $ */
-/* $KTH: ksrvutil_get.c,v 1.35 1997/12/05 04:27:02 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kadm_locl.h"
-#include "ksrvutil.h"
-
-#define BAD_PW 1
-#define GOOD_PW 0
-#define FUDGE_VALUE 15 /* for ticket expiration time */
-#define PE_NO 0
-#define PE_YES 1
-#define PE_UNSURE 2
-
-static char tktstring[128];
-
-static int
-princ_exists(char *name, char *instance, char *realm)
-{
- int status;
-
- status = krb_get_pw_in_tkt(name, instance, realm,
- KRB_TICKET_GRANTING_TICKET,
- realm, 1, "");
-
- if ((status == KSUCCESS) || (status == INTK_BADPW))
- return(PE_YES);
- else if (status == KDC_PR_UNKNOWN)
- return(PE_NO);
- else
- return(PE_UNSURE);
-}
-
-static int
-get_admin_password(char *myname, char *myinst, char *myrealm)
-{
- int status;
- char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
- int ticket_life = 1; /* minimum ticket lifetime */
- char buf[1024];
- CREDENTIALS c;
-
- if (princ_exists(myname, myinst, myrealm) != PE_NO) {
- snprintf(buf, sizeof(buf), "Password for %s: ",
- krb_unparse_name_long (myname, myinst, myrealm));
- if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1,
- buf, 0)) {
- fprintf(stderr, "Error reading admin password.\n");
- goto bad;
- }
- status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME,
- KADM_SINST, ticket_life, admin_passwd);
- memset(admin_passwd, 0, sizeof(admin_passwd));
-
- /* Initialize non shared random sequence from session key. */
- memset(&c, 0, sizeof(c));
- krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
- des_init_random_number_generator(&c.session);
- }
- else
- status = KDC_PR_UNKNOWN;
-
- switch(status) {
- case GT_PW_OK:
- return(GOOD_PW);
- case KDC_PR_UNKNOWN:
- printf("Principal %s does not exist.\n",
- krb_unparse_name_long(myname, myinst, myrealm));
- goto bad;
- case GT_PW_BADPW:
- printf("Incorrect admin password.\n");
- goto bad;
- default:
- com_err("kadmin", status+krb_err_base,
- "while getting password tickets");
- goto bad;
- }
-
-bad:
- memset(admin_passwd, 0, sizeof(admin_passwd));
- dest_tkt();
- return(BAD_PW);
-}
-
-static void
-srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm,
- int8_t kvno, des_cblock key)
-{
- char sname[ANAME_SZ]; /* name of service */
- char sinst[INST_SZ]; /* instance of service */
- char srealm[REALM_SZ]; /* realm of service */
- int8_t skvno;
- des_cblock skey;
-
- lseek(fd, 0, SEEK_SET);
-
- while(getst(fd, sname, SNAME_SZ) > 0 &&
- getst(fd, sinst, INST_SZ) > 0 &&
- getst(fd, srealm, REALM_SZ) > 0 &&
- read(fd, &skvno, sizeof(skvno)) > 0 &&
- read(fd, skey, sizeof(skey)) > 0) {
- if(strcmp(name, sname) == 0 &&
- strcmp(inst, sinst) == 0 &&
- strcmp(realm, srealm) == 0) {
- lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET);
- safe_write(filename, fd, &kvno, sizeof(kvno));
- safe_write(filename, fd, key, sizeof(des_cblock));
- return;
- }
- }
- safe_write(filename, fd, name, strlen(name) + 1);
- safe_write(filename, fd, inst, strlen(inst) + 1);
- safe_write(filename, fd, realm, strlen(realm) + 1);
- safe_write(filename, fd, &kvno, sizeof(kvno));
- safe_write(filename, fd, key, sizeof(des_cblock));
-}
-
-/*
- * node list of services
- */
-
-struct srv_ent{
- char name[SNAME_SZ];
- char inst[INST_SZ];
- char realm[REALM_SZ];
- struct srv_ent *next;
-};
-
-static int
-key_to_key(char *user, char *instance, char *realm, void *arg,
- des_cblock *key)
-{
- memcpy(key, arg, sizeof(des_cblock));
- return 0;
-}
-
-static void
-get_srvtab_ent(int fd, char *filename, char *name, char *inst, char *realm)
-{
- char chname[128];
- des_cblock newkey;
- char old_tktfile[MAXPATHLEN], new_tktfile[MAXPATHLEN];
- char garbage_name[ANAME_SZ];
- char garbage_inst[ANAME_SZ];
- CREDENTIALS c;
- u_int8_t kvno;
- Kadm_vals values;
- int ret;
-
- strncpy(chname, krb_get_phost(inst), sizeof(chname) - 1);
- chname[sizeof(chname) - 1] = '\0';
- if(strcmp(inst, chname))
- fprintf(stderr,
- "Warning: Are you sure `%s' should not be `%s'?\n",
- inst, chname);
-
- memset(&values, 0, sizeof(values));
- strncpy(values.name, name, ANAME_SZ - 1);
- values.name[ANAME_SZ - 1] = '\0';
- strncpy(values.instance, inst, INST_SZ - 1);
- values.instance[INST_SZ - 1] = '\0';
- des_new_random_key(&newkey);
- values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
- | (newkey[2] << 8) | (newkey[3] << 0);
- values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
- | (newkey[6] << 8) | (newkey[7] << 0);
-
- SET_FIELD(KADM_NAME,values.fields);
- SET_FIELD(KADM_INST,values.fields);
- SET_FIELD(KADM_DESKEY,values.fields);
-
- ret = kadm_mod(&values, &values);
- if(ret == KADM_NOENTRY)
- ret = kadm_add(&values);
- if (ret != KSUCCESS) {
- warnx ("Couldn't get srvtab entry for %s.%s: %s",
- name, inst, error_message(ret));
- return;
- }
-
- values.key_low = values.key_high = 0;
-
- /* get the key version number */
-
- {
- int old = krb_use_admin_server(1);
- strncpy(old_tktfile, tkt_string(), sizeof(old_tktfile) - 1);
- old_tktfile[sizeof(old_tktfile) - 1] = '\0';
- snprintf(new_tktfile, sizeof(new_tktfile),
- TKT_ROOT "_ksrvutil-get.%u",
- (unsigned)getpid());
- krb_set_tkt_string(new_tktfile);
-
- ret = krb_get_in_tkt(name, inst, realm, name, inst,
- 1, key_to_key, NULL, &newkey);
- krb_use_admin_server(old);
- }
-
- if (ret == KSUCCESS &&
- (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS &&
- (ret = tf_get_pname(garbage_name)) == KSUCCESS &&
- (ret = tf_get_pinst(garbage_inst)) == KSUCCESS &&
- (ret = tf_get_cred(&c)) == KSUCCESS)
- kvno = c.kvno;
- else {
- warnx ("Could not find the cred in the ticket file");
- return;
- }
-
- tf_close();
- krb_set_tkt_string(old_tktfile);
- unlink(new_tktfile);
-
- if(ret != KSUCCESS) {
- memset(&newkey, 0, sizeof(newkey));
- warnx ("Could not get a ticket for %s: %s\n",
- krb_unparse_name_long(name, inst, realm),
- krb_get_err_text(ret));
- return;
- }
-
- /* Write the new key & c:o to the srvtab file */
-
- srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey);
- memset(&newkey, 0, sizeof(newkey));
-
- fprintf (stderr, "Added %s\n", krb_unparse_name_long (name, inst, realm));
-}
-
-static void
-ksrvutil_kadm(int fd, char *filename, struct srv_ent *p)
-{
- int ret;
- CREDENTIALS c;
-
- ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm);
- if (ret != KADM_SUCCESS) {
- warnx("Couldn't initialize kadmin link: %s", error_message(ret));
- leave(NULL, 1);
- }
-
- ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
- if (ret == KSUCCESS)
- des_init_random_number_generator (&c.session);
- else {
- umask(077);
-
- /*
- * create ticket file and get admin tickets
- */
- snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_ksrvutil_%d", (int)getpid());
- krb_set_tkt_string(tktstring);
- destroyp = TRUE;
-
- ret = get_admin_password(u_name, u_inst, u_realm);
- if (ret) {
- warnx("Couldn't get admin password.");
- leave(NULL, 1);
- }
- }
- for(;p;){
- get_srvtab_ent(fd, filename, p->name, p->inst, p->realm);
- p=p->next;
- }
- unlink(tktstring);
-}
-
-static void
-parseinput (char *result, size_t sz, char *val, char *def)
-{
- char *lim;
- int inq;
-
- if (val[0] == '\0') {
- strncpy (result, def, sz-1);
- result[sz - 1] = '\0';
- return;
- }
- lim = result + sz - 1;
- inq = 0;
- while(*val && result < lim) {
- switch(*val) {
- case '\'' :
- inq = !inq;
- ++val;
- break;
- case '\\' :
- if(!inq)
- val++;
- default:
- *result++ = *val++;
- break;
- }
- }
- *result = '\0';
-}
-
-void
-ksrvutil_get(int fd, char *filename, int argc, char **argv)
-{
- char sname[ANAME_SZ]; /* name of service */
- char sinst[INST_SZ]; /* instance of service */
- char srealm[REALM_SZ]; /* realm of service */
- char databuf[BUFSIZ];
- char local_hostname[MAXHOSTNAMELEN];
- char prompt[100];
- struct srv_ent *head=NULL;
- int i;
-
- gethostname(local_hostname, sizeof(local_hostname));
- strncpy(local_hostname,
- krb_get_phost(local_hostname),
- sizeof(local_hostname) - 1);
- local_hostname[sizeof(local_hostname) - 1] = '\0';
-
- if (argc)
- for(i=0; i < argc; ++i) {
- struct srv_ent *p=malloc(sizeof(*p));
-
- if(p == NULL) {
- warnx ("out of memory in malloc");
- leave(NULL,1);
- }
- p->next = head;
- strncpy (p->realm, u_realm, REALM_SZ - 1);
- p->realm[REALM_SZ - 1] = '\0';
- if (kname_parse (p->name, p->inst, p->realm, argv[i]) !=
- KSUCCESS) {
- warnx ("parse error on '%s'\n", argv[i]);
- free(p);
- p = NULL;
- continue;
- }
- if (p->name[0] == '\0') {
- strncpy(p->name, "rcmd", ANAME_SZ - 1);
- p->name[ANAME_SZ - 1] = '\0';
- }
- if (p->inst[0] == '\0') {
- strncpy(p->inst, local_hostname, INST_SZ - 1);
- p->inst[INST_SZ - 1] = '\0';
- }
- if (p->realm[0] == '\0') {
- strncpy(p->realm, u_realm, REALM_SZ - 1);
- p->realm[REALM_SZ - 1] = '\0';
- }
- head = p;
- }
-
- else
- do{
- safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf));
- parseinput (sname, sizeof(sname), databuf, "rcmd");
-
- snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname);
- safe_read_stdin(prompt, databuf, sizeof(databuf));
- parseinput (sinst, sizeof(sinst), databuf, local_hostname);
-
- snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm);
- safe_read_stdin(prompt, databuf, sizeof(databuf));
- parseinput (srealm, sizeof(srealm), databuf, u_realm);
-
- if(yn("Is this correct?")){
- struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent));
- if (p == NULL) {
- warnx ("out of memory in malloc");
- leave(NULL,1);
- }
- p->next=head;
- head=p;
- strncpy(p->name, sname, ANAME_SZ - 1);
- p->name[ANAME_SZ - 1] = '\0';
- strncpy(p->inst, sinst, INST_SZ - 1);
- p->inst[INST_SZ - 1] = '\0';
- strncpy(p->realm, srealm, REALM_SZ - 1);
- p->realm[REALM_SZ - 1] = '\0';
- }
- }while(ny("Add more keys?"));
-
-
- ksrvutil_kadm(fd, filename, head);
-
- {
- struct srv_ent *p=head, *q;
- while(p){
- q=p;
- p=p->next;
- free(q);
- q = NULL;
- }
- }
-
-}
diff --git a/kerberosIV/kstash/Makefile b/kerberosIV/kstash/Makefile
deleted file mode 100644
index da8233be4bc..00000000000
--- a/kerberosIV/kstash/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:41 tholo Exp $
-
-PROG= kstash
-DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -lkdb -lkrb -ldes
-MAN= kstash.8
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/kstash/kstash.8 b/kerberosIV/kstash/kstash.8
deleted file mode 100644
index 8d9c7b4f61c..00000000000
--- a/kerberosIV/kstash/kstash.8
+++ /dev/null
@@ -1,63 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kstash.8,v 1.4 1998/02/25 15:51:53 art Exp $
-.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kstash \- stash Kerberos key distribution center database master key
-.SH SYNOPSIS
-kstash
-.SH DESCRIPTION
-.I kstash
-saves the Kerberos key distribution center (KDC) database master key in
-the master key cache file.
-.PP
-The user is prompted to enter the key, to verify the authenticity of the
-key and the authorization to store the key in the file.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.TP
-"kstash: Unable to open master key file"
-The attempt to open the cache file for writing failed (probably due to a
-system or access permission error).
-.TP
-"kstash: Write I/O error on master key file"
-The
-.BR write (2)
-system call returned an error while
-.I kstash
-was attempting to write the key to the file.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.pag, /etc/kerberosIV/principal.dir
-DBM files containing database
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
diff --git a/kerberosIV/kstash/kstash.c b/kerberosIV/kstash/kstash.c
deleted file mode 100644
index 7ec0a7f903d..00000000000
--- a/kerberosIV/kstash/kstash.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* $OpenBSD: kstash.c,v 1.3 1998/02/18 11:54:09 art Exp $ */
-/* $KTH: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
-#include "adm_locl.h"
-
-/* change this later, but krblib_dbm needs it for now */
-
-static des_cblock master_key;
-static des_key_schedule master_key_schedule;
-
-static void
-clear_secrets(void)
-{
- memset(master_key_schedule, 0, sizeof(master_key_schedule));
- memset(master_key, 0, sizeof(master_key));
-}
-
-static char progname[] = "kstash";
-
-int
-main(int argc, char **argv)
-{
- long n;
- int ret = 0;
-
- if (atexit(clear_secrets))
- errx(1, "Out of resources\n");
-
- if ((n = kerb_init()))
- errx(1, "Kerberos db and cache init failed = %ld\n", n);
-
- if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
- master_key_schedule) != 0) {
- errx(1, "Couldn't read master key.");
- }
-
- if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
- return 1;
- }
-
- ret = kdb_kstash(&master_key, MKEYFILE);
- if(ret < 0)
- warn("writing master key");
- else
- fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
-
- return ret;
-}
diff --git a/kerberosIV/man/Makefile b/kerberosIV/man/Makefile
deleted file mode 100644
index 19dc8a7f4a5..00000000000
--- a/kerberosIV/man/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.2 1996/01/29 19:18:49 tholo Exp $
-
-MAN= kerberos.1 krb.conf.5 krb.realms.5
-
-.include <bsd.prog.mk>
diff --git a/kerberosIV/man/kerberos.1 b/kerberosIV/man/kerberos.1
deleted file mode 100644
index 88c6aa0ba3e..00000000000
--- a/kerberosIV/man/kerberos.1
+++ /dev/null
@@ -1,283 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: kerberos.1,v 1.5 1998/02/25 15:51:54 art Exp $
-.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kerberos \- introduction to the Kerberos system
-
-.SH DESCRIPTION
-For better documentation please check the info-files in /usr/share/info
-
-The
-Kerberos
-system authenticates
-individual users in a network environment.
-After authenticating yourself to
-Kerberos,
-you can use network utilities such as
-.IR rlogin ,
-.IR rcp ,
-and
-.IR rsh
-without
-having to present passwords to remote hosts and without having to bother
-with
-.I \.rhosts
-files.
-Note that these utilities will work without passwords only if
-the remote machines you deal with
-support the
-Kerberos
-system.
-All Athena timesharing machines and public workstations support
-Kerberos.
-.PP
-Before you can use
-Kerberos,
-you must register as an Athena user,
-and you must make sure you have been added to
-the
-Kerberos
-database.
-You can use the
-.I kinit
-command to find out.
-This command
-tries to log you into the
-Kerberos
-system.
-.I kinit
-will prompt you for a username and password.
-Enter your username and password.
-If the utility lets you login without giving you a message,
-you have already been registered.
-.PP
-If you enter your username and
-.I kinit
-responds with this message:
-.nf
-
-Principal unknown (kerberos)
-
-.fi
-you haven't been registered as a
-Kerberos
-user.
-See your system administrator.
-.PP
-A Kerberos name contains three parts.
-The first is the
-.I principal name,
-which is usually a user's or service's name.
-The second is the
-.I instance,
-which in the case of a user is usually null.
-Some users may have privileged instances, however,
-such as ``root'' or ``admin''.
-In the case of a service, the instance is the
-name of the machine on which it runs; i.e. there
-can be an
-.I rlogin
-service running on the machine ABC, which
-is different from the rlogin service running on
-the machine XYZ.
-The third part of a Kerberos name
-is the
-.I realm.
-The realm corresponds to the Kerberos service providing
-authentication for the principal.
-For example, at MIT there is a Kerberos running at the
-Laboratory for Computer Science and one running at
-Project Athena.
-.PP
-When writing a Kerberos name, the principal name is
-separated from the instance (if not null) by a period,
-and the realm (if not the local realm) follows, preceded by
-an ``@'' sign.
-The following are examples of valid Kerberos names:
-.sp
-.nf
-.in +8
-billb
-jis.admin
-srz@lcs.mit.edu
-treese.root@athena.mit.edu
-.in -8
-.fi
-.PP
-When you authenticate yourself with
-Kerberos,
-through either the workstation
-.I toehold
-system or the
-.I kinit
-command,
-Kerberos
-gives you an initial
-Kerberos
-.IR ticket .
-(A
-Kerberos
-ticket
-is an encrypted protocol message that provides authentication.)
-Kerberos
-uses this ticket for network utilities
-such as
-.I rlogin
-and
-.IR rcp .
-The ticket transactions are done transparently,
-so you don't have to worry about their management.
-.PP
-Note, however, that tickets expire.
-Privileged tickets, such as root instance tickets,
-expire in a few minutes, while tickets that carry more ordinary
-privileges may be good for several hours or a day, depending on the
-installation's policy.
-If your login session extends beyond the time limit,
-you will have to re-authenticate yourself to
-Kerberos
-to get new tickets.
-Use the
-.IR kinit
-command to re-authenticate yourself.
-.PP
-If you use the
-.I kinit
-command to get your tickets,
-make sure you use the
-.I kdestroy
-command
-to destroy your tickets before you end your login session.
-You should probably put the
-.I kdestroy
-command in your
-.I \.logout
-file so that your tickets will be destroyed automatically when you logout.
-For more information about the
-.I kinit
-and
-.I kdestroy
-commands,
-see the
-.I kinit(1)
-and
-.I kdestroy(1)
-manual pages.
-.PP
-Currently,
-Kerberos
-supports the following network services:
-.IR rlogin ,
-.IR rsh ,
-and
-.IR rcp .
-Other services are being worked on,
-such as the
-.IR pop
-mail system and NFS (network file system),
-but are not yet available.
-
-.SH "SEE ALSO"
-kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
-kadmin(8)
-.SH BUGS
-Kerberos
-will not do authentication forwarding.
-In other words,
-if you use
-.I rlogin
-to login to a remote host,
-you cannot use
-Kerberos
-services from that host
-until you authenticate yourself explicitly on that host.
-Although you may need to authenticate yourself on the remote
-host,
-be aware that when you do so,
-.I rlogin
-sends your password across the network in clear text.
-
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
-
-The following people helped out on various aspects of the system:
-
-Jeff Schiller designed and wrote the administration server and its
-user interface, kadmin.
-He also wrote the dbm version of the database management system.
-
-Mark Colan developed the
-Kerberos
-versions of
-.IR rlogin ,
-.IR rsh ,
-and
-.IR rcp ,
-as well as contributing work on the servers.
-
-John Ostlund developed the
-Kerberos
-versions of
-.I passwd
-and
-.IR userreg .
-
-Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
-and made many contributions based on that experience.
-
-Many people contributed code and/or useful ideas, including
-Jim Aspnes,
-Bob Baldwin,
-John Barba,
-Richard Basch,
-Jim Bloom,
-Bill Bryant,
-Rob French,
-Dan Geer,
-David Jedlinsky,
-John Kohl,
-John Kubiatowicz,
-Bob McKie,
-Brian Murphy,
-Ken Raeburn,
-Chris Reed,
-Jon Rochlis,
-Mike Shanzer,
-Bill Sommerfeld,
-Jennifer Steiner,
-Ted Ts'o,
-and
-Win Treese.
-
-.SH RESTRICTIONS
-
-COPYRIGHT 1985,1986 Massachusetts Institute of Technology
diff --git a/kerberosIV/man/krb.conf.5 b/kerberosIV/man/krb.conf.5
deleted file mode 100644
index 406f5834db4..00000000000
--- a/kerberosIV/man/krb.conf.5
+++ /dev/null
@@ -1,77 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: krb.conf.5,v 1.9 1999/07/07 10:50:15 aaron Exp $
-.Dd June 15, 1999
-.Dt KRB.CONF 5
-.Os
-.Sh NAME
-.Nm krb.conf
-.Nd Kerberos configuration file
-.Sh DESCRIPTION
-.Nm
-contains configuration information describing the Kerberos realm and the
-Kerberos key distribution center (KDC) servers for known realms.
-.Pp
-The first line of
-.Nm
-contains the name of the local realm. If the first character in the first line
-is a hash sign
-.Pq Ql # ,
-then Kerberos authentication is disabled.
-.Pp
-Subsequent lines are of the form
-.Bd -ragged -offset indent
-.Fa realm
-.Fa KDC_server
-.Op admin server
-.Ed
-.Pp
-where
-.Fa realm
-is a Kerberos realm name and
-.Fa KDC_server
-is the name of a host running a KDC for
-.Fa realm .
-The words
-.Dq admin server
-following
-.Fa KDC_server
-indicate that the host also provides an administrative database server.
-.Sh EXAMPLES
-A krb.conf file for a host in the ATHENA.MIT.EDU realm might look like:
-.Bd -literal -offset indent
-ATHENA.MIT.EDU
-ATHENA.MIT.EDU kerberos-1.mit.edu admin server
-ATHENA.MIT.EDU kerberos-2.mit.edu
-LCS.MIT.EDU kerberos.lcs.mit.edu admin server
-.Ed
-.Sh SEE ALSO
-.Xr krb_get_krbhst 3 ,
-.Xr krb_get_lrealm 3 ,
-.Xr krb.realms 5
diff --git a/kerberosIV/man/krb.realms.5 b/kerberosIV/man/krb.realms.5
deleted file mode 100644
index b89a0b1cbc3..00000000000
--- a/kerberosIV/man/krb.realms.5
+++ /dev/null
@@ -1,64 +0,0 @@
-.\"
-.\" This source code is no longer held under any constraint of USA
-.\" `cryptographic laws' since it was exported legally. The cryptographic
-.\" functions were removed from the code and a "Bones" distribution was
-.\" made. A Commodity Jurisdiction Request #012-94 was filed with the
-.\" USA State Department, who handed it to the Commerce department. The
-.\" code was determined to fall under General License GTDA under ECCN 5D96G,
-.\" and hence exportable. The cryptographic interfaces were re-added by Eric
-.\" Young, and then KTH proceeded to maintain the code in the free world.
-.\"
-.\"Copyright (C) 1989 by the Massachusetts Institute of Technology
-.\"
-.\"Export of this software from the United States of America is assumed
-.\"to require a specific license from the United States Government.
-.\"It is the responsibility of any person or organization contemplating
-.\"export to obtain such a license before exporting.
-.\"
-.\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\"distribute this software and its documentation for any purpose and
-.\"without fee is hereby granted, provided that the above copyright
-.\"notice appear in all copies and that both that copyright notice and
-.\"this permission notice appear in supporting documentation, and that
-.\"the name of M.I.T. not be used in advertising or publicity pertaining
-.\"to distribution of the software without specific, written prior
-.\"permission. M.I.T. makes no representations about the suitability of
-.\"this software for any purpose. It is provided "as is" without express
-.\"or implied warranty.
-.\"
-.\" $OpenBSD: krb.realms.5,v 1.8 1999/07/07 10:50:15 aaron Exp $
-.Dd June 15, 1999
-.Dt KRB.REALMS 5
-.Os
-.Sh NAME
-.Nm krb.realms
-.Nd host to Kerberos realm translation file
-.Sh DESCRIPTION
-.Nm
-provides a translation from a hostname to the Kerberos realm name for
-the services provided by that host.
-.Pp
-Each line of the translation file is in one of the following forms
-.Pf ( Fa domain_name
-should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
-.Bd -literal -offset indent
-host_name kerberos_realm
-domain_name kerberos_realm
-.Ed
-.Pp
-If a hostname exactly matches the
-.Fa host_name
-field in a line of the first form, the corresponding
-.Fa kerberos_realm
-is the realm of the host. If a hostname does not match any
-.Fa host_name
-in the file, but its domain exactly matches the
-.Fa domain_name
-field in a line of the second form, the corresponding
-.Fa kerberos_realm
-is the realm of the host.
-.Pp
-If no translation entry applies, the host's realm is considered to be
-the hostname's domain portion converted to upper case.
-.Sh SEE ALSO
-.Xr krb_realmofhost 3
diff --git a/kerberosIV/roken/get_window_size.c b/kerberosIV/roken/get_window_size.c
deleted file mode 100644
index 628efb5e824..00000000000
--- a/kerberosIV/roken/get_window_size.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: get_window_size.c,v 1.1 1998/08/12 23:36:41 art Exp $ */
-/* $KTH: get_window_size.c,v 1.6 1998/05/30 21:22:35 joda Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <termios.h>
-
-int
-get_window_size(int fd, struct winsize *wp)
-{
- char *s;
- struct winsize tmp;
- int ret = -1;
-
- memset(wp, 0, sizeof(*wp));
- memset(&tmp, 0, sizeof(tmp));
- if((s = getenv("COLUMNS")))
- wp->ws_col = atoi(s);
- if((s = getenv("LINES")))
- wp->ws_row = atoi(s);
- if(wp->ws_col > 0 && wp->ws_row > 0)
- return 0;
-
-#if defined(TIOGCWINSZ)
- ret = ioctl(fd, TIOGCWINSZ, &tmp);
-#elif defined(TIOCGSIZE)
- {
- struct ttysize ts;
-
- ret = ioctl(fd, TIOCGSIZE, &ts);
- if(ret == 0) {
- tmp.ws_row = ts.ts_lines;
- tmp.ws_row = ts.ts_cols;
- tmp.ws_xpixel = 0;
- tmp.ws_ypixel = 0;
- }
- }
-#elif defined(HAVE__SCRSIZE)
- {
- int dst[2];
-
- _scrsize(dst);
- tmp.ws_row = dst[1];
- tmp.ws_col = dst[0];
- tmp.ws_xpixel = 0;
- tmp.ws_ypixel = 0;
- ret = 0;
- }
-#endif
- if(ret == 0) {
- if(wp->ws_col == 0) {
- wp->ws_col = tmp.ws_col;
- wp->ws_xpixel = tmp.ws_xpixel;
- }
- if(wp->ws_row == 0) {
- wp->ws_row = tmp.ws_row;
- wp->ws_ypixel = tmp.ws_ypixel;
- }
- }
- return ret;
-}
diff --git a/kerberosIV/roken/get_window_size.h b/kerberosIV/roken/get_window_size.h
deleted file mode 100644
index 26b3e4ec038..00000000000
--- a/kerberosIV/roken/get_window_size.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef GET_WINDOW_SIZE_H
-#define GET_WINDOW_SIZE_H
-struct winsize {
- unsigned short ws_row, ws_col;
- unsigned short ws_xpixel, ws_ypixel;
-};
-
-int get_window_size(int fd, struct winsize *ws);
-#endif
diff --git a/kerberosIV/roken/getarg.c b/kerberosIV/roken/getarg.c
deleted file mode 100644
index d5081e5aa0e..00000000000
--- a/kerberosIV/roken/getarg.c
+++ /dev/null
@@ -1,530 +0,0 @@
-/* $OpenBSD: getarg.c,v 1.3 1998/08/16 20:54:49 art Exp $ */
-/* $KTH: getarg.c,v 1.18 1998/01/22 20:23:16 joda Exp $ */
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/param.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <ctype.h>
-#include "getarg.h"
-#include "get_window_size.h"
-
-extern const char *__progname;
-
-#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
-
-char *
-strupr(char *str)
-{
- char *s;
-
- for(s = str; *s; s++)
- *s = toupper(*s);
- return str;
-}
-
-int
-strcpy_truncate (char *dst, const char *src, size_t dst_sz)
-{
- int n;
- char *p;
-
- for (p = dst, n = 0;
- n + 1 < dst_sz && *src != '\0';
- ++p, ++src, ++n)
- *p = *src;
- *p = '\0';
- if (*src == '\0')
- return n;
- else
- return dst_sz;
-}
-
-int
-strcat_truncate(char *dst, const char *src, size_t dst_sz)
-{
- int len = strlen(dst);
-
- return len + strcpy_truncate(dst + len, src, MIN(dst_sz - len, dst_sz));
-}
-
-static size_t
-print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
-{
- const char *s;
-
- *string = '\0';
-
- if (ISFLAG(*arg))
- return 0;
-
- if(mdoc){
- if(longp)
- strcat_truncate(string, "= Ns", len);
- strcat_truncate(string, " Ar ", len);
- }else
- if (longp)
- strcat_truncate (string, "=", len);
- else
- strcat_truncate (string, " ", len);
-
- if (arg->arg_help)
- s = arg->arg_help;
- else if (arg->type == arg_integer)
- s = "number";
- else if (arg->type == arg_string)
- s = "string";
- else
- s = "<undefined>";
-
- strcat_truncate(string, s, len);
- return 1 + strlen(s);
-}
-
-static void
-mandoc_template(struct getargs *args,
- size_t num_args,
- const char *extra_string)
-{
- int i;
- char timestr[64], cmd[64];
- char buf[128];
- const char *p;
- time_t t;
-
- printf(".\\\" Things to fix:\n");
- printf(".\\\" * correct section, and operating system\n");
- printf(".\\\" * remove Op from mandatory flags\n");
- printf(".\\\" * use better macros for arguments (like .Pa for files)\n");
- printf(".\\\"\n");
- t = time(NULL);
- strftime(timestr, sizeof(timestr), "%b %d, %Y", localtime(&t));
- printf(".Dd %s\n", timestr);
- p = strrchr(__progname, '/');
- if(p) p++; else p = __progname;
- strncpy(cmd, p, sizeof(cmd));
- cmd[sizeof(cmd)-1] = '\0';
- strupr(cmd);
-
- printf(".Dt %s SECTION\n", cmd);
- printf(".Os OPERATING_SYSTEM\n");
- printf(".Sh NAME\n");
- printf(".Nm %s\n", p);
- printf(".Nd\n");
- printf("in search of a description\n");
- printf(".Sh SYNOPSIS\n");
- printf(".Nm\n");
- for(i = 0; i < num_args; i++){
- /* we seem to hit a limit on number of arguments if doing
- short and long flags with arguments -- split on two lines */
- if(ISFLAG(args[i]) ||
- args[i].short_name == 0 || args[i].long_name == NULL) {
- printf(".Op ");
-
- if(args[i].short_name) {
- print_arg(buf, sizeof(buf), 1, 0, args + i);
- printf("Fl %c%s", args[i].short_name, buf);
- if(args[i].long_name)
- printf(" | ");
- }
- if(args[i].long_name) {
- print_arg(buf, sizeof(buf), 1, 1, args + i);
- printf("Fl -%s%s", args[i].long_name, buf);
- }
- printf("\n");
- } else {
- print_arg(buf, sizeof(buf), 1, 0, args + i);
- printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
- print_arg(buf, sizeof(buf), 1, 1, args + i);
- printf(".Fl -%s%s Oc\n.Xc\n", args[i].long_name, buf);
- }
- /*
- if(args[i].type == arg_strings)
- fprintf (stderr, "...");
- */
- }
- if (extra_string && *extra_string)
- printf (".Ar %s\n", extra_string);
- printf(".Sh DESCRIPTION\n");
- printf("Supported options:\n");
- printf(".Bl -tag -width Ds\n");
- for(i = 0; i < num_args; i++){
- printf(".It Xo\n");
- if(args[i].short_name){
- printf(".Fl %c", args[i].short_name);
- print_arg(buf, sizeof(buf), 1, 0, args + i);
- printf("%s", buf);
- if(args[i].long_name)
- printf(" Ns ,");
- printf("\n");
- }
- if(args[i].long_name){
- printf(".Fl -%s", args[i].long_name);
- print_arg(buf, sizeof(buf), 1, 1, args + i);
- printf("%s\n", buf);
- }
- printf(".Xc\n");
- if(args[i].help)
- printf("%s\n", args[i].help);
- /*
- if(args[i].type == arg_strings)
- fprintf (stderr, "...");
- */
- }
- printf(".El\n");
- printf(".\\\".Sh ENVIRONMENT\n");
- printf(".\\\".Sh FILES\n");
- printf(".\\\".Sh EXAMPLES\n");
- printf(".\\\".Sh DIAGNOSTICS\n");
- printf(".\\\".Sh SEE ALSO\n");
- printf(".\\\".Sh STANDARDS\n");
- printf(".\\\".Sh HISTORY\n");
- printf(".\\\".Sh AUTHORS\n");
- printf(".\\\".Sh BUGS\n");
-}
-
-static int
-check_column(FILE *f, int col, int len, int columns)
-{
- if(col + len > columns) {
- fprintf(f, "\n");
- col = fprintf(f, " ");
- }
- return col;
-}
-
-void
-arg_printusage (struct getargs *args,
- size_t num_args,
- const char *extra_string)
-{
- int i;
- size_t max_len = 0;
- char buf[128];
- int col = 0, columns;
- struct winsize ws;
-
- if(getenv("GETARGMANDOC")){
- mandoc_template(args, num_args, extra_string);
- return;
- }
- if(get_window_size(2, &ws) == 0)
- columns = ws.ws_col;
- else
- columns = 80;
- col = 0;
- col += fprintf (stderr, "Usage: %s", __progname);
- for (i = 0; i < num_args; ++i) {
- size_t len = 0;
-
- if (args[i].long_name) {
- buf[0] = '\0';
- strcat_truncate(buf, "[--", sizeof(buf));
- len += 2;
- if(args[i].type == arg_negative_flag) {
- strcat_truncate(buf, "no-", sizeof(buf));
- len += 3;
- }
- strcat_truncate(buf, args[i].long_name, sizeof(buf));
- len += strlen(args[i].long_name);
- len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf),
- 0, 1, &args[i]);
- strcat_truncate(buf, "]", sizeof(buf));
- if(args[i].type == arg_strings)
- strcat_truncate(buf, "...", sizeof(buf));
- col = check_column(stderr, col, strlen(buf) + 1, columns);
- col += fprintf(stderr, " %s", buf);
- }
- if (args[i].short_name) {
- snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
- len += 2;
- len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf),
- 0, 0, &args[i]);
- strcat_truncate(buf, "]", sizeof(buf));
- if(args[i].type == arg_strings)
- strcat_truncate(buf, "...", sizeof(buf));
- col = check_column(stderr, col, strlen(buf) + 1, columns);
- col += fprintf(stderr, " %s", buf);
- }
- if (args[i].long_name && args[i].short_name)
- len += 2; /* ", " */
- max_len = MAX(max_len, len);
- }
- if (extra_string) {
- col = check_column(stderr, col, strlen(extra_string) + 1, columns);
- fprintf (stderr, " %s\n", extra_string);
- } else
- fprintf (stderr, "\n");
- for (i = 0; i < num_args; ++i) {
- if (args[i].help) {
- size_t count = 0;
-
- if (args[i].short_name) {
- count += fprintf (stderr, "-%c", args[i].short_name);
- print_arg (buf, sizeof(buf), 0, 0, &args[i]);
- count += fprintf(stderr, "%s", buf);
- }
- if (args[i].short_name && args[i].long_name)
- count += fprintf (stderr, ", ");
- if (args[i].long_name) {
- count += fprintf (stderr, "--");
- if (args[i].type == arg_negative_flag)
- count += fprintf (stderr, "no-");
- count += fprintf (stderr, "%s", args[i].long_name);
- print_arg (buf, sizeof(buf), 0, 1, &args[i]);
- count += fprintf(stderr, "%s", buf);
- }
- while(count++ <= max_len)
- putc (' ', stderr);
- fprintf (stderr, "%s\n", args[i].help);
- }
- }
-}
-
-static void
-add_string(getarg_strings *s, char *value)
-{
- char **temp;
-
- temp = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
- if (temp == NULL){
- free (s->strings);
- err(1, "realloc:");
- }
- s->strings = temp;
-
- s->strings[s->num_strings] = value;
- s->num_strings++;
-}
-
-static int
-arg_match_long(struct getargs *args, size_t num_args,
- char *argv)
-{
- int i;
- char *optarg = NULL;
- int negate = 0;
- int partial_match = 0;
- struct getargs *partial = NULL;
- struct getargs *current = NULL;
- int argv_len;
- char *p;
-
- argv_len = strlen(argv);
- p = strchr (argv, '=');
- if (p != NULL)
- argv_len = p - argv;
-
- for (i = 0; i < num_args; ++i) {
- if(args[i].long_name) {
- int len = strlen(args[i].long_name);
- char *p = argv;
- int p_len = argv_len;
- negate = 0;
-
- for (;;) {
- if (strncmp (args[i].long_name, p, p_len) == 0) {
- if(p_len == len)
- current = &args[i];
- else {
- ++partial_match;
- partial = &args[i];
- }
- optarg = p + p_len;
- } else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
- negate = !negate;
- p += 3;
- p_len -= 3;
- continue;
- }
- break;
- }
- if (current)
- break;
- }
- }
- if (current == NULL)
- if (partial_match == 1)
- current = partial;
- else
- return ARG_ERR_NO_MATCH;
-
- if(*optarg == '\0' && !ISFLAG(*current))
- return ARG_ERR_NO_MATCH;
- switch(current->type){
- case arg_integer:
- {
- int tmp;
- if(sscanf(optarg + 1, "%d", &tmp) != 1)
- return ARG_ERR_BAD_ARG;
- *(int*)current->value = tmp;
- return 0;
- }
- case arg_string:
- {
- *(char**)current->value = optarg + 1;
- return 0;
- }
- case arg_strings:
- {
- add_string((getarg_strings*)current->value, optarg + 1);
- return 0;
- }
- case arg_flag:
- case arg_negative_flag:
- {
- int *flag = current->value;
- if(*optarg == '\0' ||
- strcmp(optarg + 1, "yes") == 0 ||
- strcmp(optarg + 1, "true") == 0){
- *flag = !negate;
- return 0;
- } else if (*optarg && strcmp(optarg + 1, "maybe") == 0) {
- *flag = rand() & 1;
- } else {
- *flag = negate;
- return 0;
- }
- return ARG_ERR_BAD_ARG;
- }
- default:
- abort ();
- }
-}
-
-int
-getarg(struct getargs *args, size_t num_args,
- int argc, char **argv, int *optind)
-{
- int i, j, k;
- int ret = 0;
-
- srand (time(NULL));
- (*optind)++;
- for(i = *optind; i < argc; i++) {
- if(argv[i][0] != '-')
- break;
- if(argv[i][1] == '-'){
- if(argv[i][2] == 0){
- i++;
- break;
- }
- ret = arg_match_long (args, num_args, argv[i] + 2);
- if(ret)
- return ret;
- }else{
- for(j = 1; argv[i][j]; j++) {
- for(k = 0; k < num_args; k++) {
- char *optarg;
- if(args[k].short_name == 0)
- continue;
- if(argv[i][j] == args[k].short_name){
- if(args[k].type == arg_flag){
- *(int*)args[k].value = 1;
- break;
- }
- if(args[k].type == arg_negative_flag){
- *(int*)args[k].value = 0;
- break;
- }
- if(argv[i][j + 1])
- optarg = &argv[i][j + 1];
- else{
- i++;
- optarg = argv[i];
- }
- if(optarg == NULL)
- return ARG_ERR_NO_ARG;
- if(args[k].type == arg_integer){
- int tmp;
- if(sscanf(optarg, "%d", &tmp) != 1)
- return ARG_ERR_BAD_ARG;
- *(int*)args[k].value = tmp;
- goto out;
- }else if(args[k].type == arg_string){
- *(char**)args[k].value = optarg;
- goto out;
- }else if(args[k].type == arg_strings){
- add_string((getarg_strings*)args[k].value, optarg);
- goto out;
- }
- return ARG_ERR_BAD_ARG;
- }
-
- }
- if (k == num_args)
- return ARG_ERR_NO_MATCH;
- }
- out:;
- }
- }
- *optind = i;
- return 0;
-}
-
-#if TEST
-int foo_flag = 2;
-int flag1 = 0;
-int flag2 = 0;
-int bar_int;
-char *baz_string;
-
-struct getargs args[] = {
- { NULL, '1', arg_flag, &flag1, "one", NULL },
- { NULL, '2', arg_flag, &flag2, "two", NULL },
- { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
- { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
- { "baz", 'x', arg_string, &baz_string, "baz", "name" },
-};
-
-int main(int argc, char **argv)
-{
- int optind = 0;
- while(getarg(args, 5, argc, argv, &optind))
- printf("Bad arg: %s\n", argv[optind]);
- printf("flag1 = %d\n", flag1);
- printf("flag2 = %d\n", flag2);
- printf("foo_flag = %d\n", foo_flag);
- printf("bar_int = %d\n", bar_int);
- printf("baz_flag = %s\n", baz_string);
- arg_printusage (args, 5, "nothing here");
-}
-#endif
diff --git a/kerberosIV/roken/getarg.h b/kerberosIV/roken/getarg.h
deleted file mode 100644
index f078f523f97..00000000000
--- a/kerberosIV/roken/getarg.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* $OpenBSD: getarg.h,v 1.1 1998/05/18 01:43:07 art Exp $ */
-/* $KTH: getarg.h,v 1.4 1997/08/08 22:40:12 joda Exp $ */
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __GETARG_H__
-#define __GETARG_H__
-
-#include <stddef.h>
-
-struct getargs{
- const char *long_name;
- char short_name;
- enum { arg_integer, arg_string, arg_flag, arg_negative_flag, arg_strings } type;
- void *value;
- const char *help;
- const char *arg_help;
-};
-
-enum {
- ARG_ERR_NO_MATCH = 1,
- ARG_ERR_BAD_ARG,
- ARG_ERR_NO_ARG
-};
-
-typedef struct getarg_strings {
- int num_strings;
- char **strings;
-} getarg_strings;
-
-int getarg(struct getargs *args, size_t num_args,
- int argc, char **argv, int *optind);
-
-void arg_printusage (struct getargs *args,
- size_t num_args,
- const char *extra_string);
-
-#endif /* __GETARG_H__ */
diff --git a/kerberosIV/roken/parse_time.c b/kerberosIV/roken/parse_time.c
deleted file mode 100644
index 94241568346..00000000000
--- a/kerberosIV/roken/parse_time.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* $OpenBSD: parse_time.c,v 1.1 1998/05/18 01:22:47 art Exp $ */
-/* $KTH: parse_time.c,v 1.4 1998/02/20 07:51:44 assar Exp $ */
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <parse_units.h>
-#include "parse_time.h"
-
-static units time_units[] = {
- {"year", 365 * 24 * 60 * 60},
- {"month", 30 * 24 * 60 * 60},
- {"week", 7 * 24 * 60 * 60},
- {"day", 24 * 60 * 60},
- {"hour", 60 * 60},
- {"h", 60 * 60},
- {"minute", 60},
- {"m", 60},
- {"second", 1},
- {"s", 1},
- {NULL, 0},
-};
-
-int
-parse_time (const char *s, const char *def_unit)
-{
- return parse_units (s, time_units, def_unit);
-}
-
-size_t
-unparse_time (int t, char *s, size_t len)
-{
- return unparse_units (t, time_units, s, len);
-}
-
-size_t
-unparse_time_approx (int t, char *s, size_t len)
-{
- return unparse_units_approx (t, time_units, s, len);
-}
-
-void
-print_time_table (FILE *f)
-{
- print_units_table (time_units, f);
-}
diff --git a/kerberosIV/roken/parse_time.h b/kerberosIV/roken/parse_time.h
deleted file mode 100644
index 57e9ec6b44c..00000000000
--- a/kerberosIV/roken/parse_time.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: parse_time.h,v 1.1 1998/05/18 01:22:48 art Exp $ */
-/* $KTH: parse_time.h,v 1.3 1998/02/20 07:51:55 assar Exp $ */
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __PARSE_TIME_H__
-#define __PARSE_TIME_H__
-
-int
-parse_time (const char *s, const char *def_unit);
-
-size_t
-unparse_time (int t, char *s, size_t len);
-
-size_t
-unparse_time_approx (int t, char *s, size_t len);
-
-void
-print_time_table (FILE *f);
-
-#endif /* __PARSE_TIME_H__ */
diff --git a/kerberosIV/roken/parse_units.c b/kerberosIV/roken/parse_units.c
deleted file mode 100644
index d53109bb7dd..00000000000
--- a/kerberosIV/roken/parse_units.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/* $OpenBSD: parse_units.c,v 1.1 1998/05/18 01:22:48 art Exp $ */
-/* $KTH: parse_units.c,v 1.6 1998/02/20 07:51:04 assar Exp $ */
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include "parse_units.h"
-
-/*
- * Parse string in `s' according to `units' and return value.
- * def_unit defines the default unit.
- */
-
-static int
-parse_something (const char *s, const struct units *units,
- const char *def_unit,
- int (*func)(int res, int val, unsigned mult),
- int init,
- int accept_no_val_p)
-{
- const char *p;
- int res = init;
- unsigned def_mult = 1;
-
- if (def_unit != NULL) {
- const struct units *u;
-
- for (u = units; u->name; ++u) {
- if (strcasecmp (u->name, def_unit) == 0) {
- def_mult = u->mult;
- break;
- }
- }
- if (u->name == NULL)
- return -1;
- }
-
- p = s;
- while (*p) {
- double val;
- char *next;
- const struct units *u, *partial_unit;
- size_t u_len;
- unsigned partial;
-
- while(isspace(*p) || *p == ',')
- ++p;
-
- val = strtod (p, &next); /* strtol(p, &next, 0); */
- if (val == 0 && p == next) {
- if(accept_no_val_p)
- val = 1;
- else
- return -1;
- }
- p = next;
- while (isspace(*p))
- ++p;
- if (*p == '\0') {
- res = (*func)(res, val, def_mult);
- if (res < 0)
- return res;
- break;
- } else if (*p == '+') {
- ++p;
- } else if (*p == '-') {
- ++p;
- val = -1;
- }
- u_len = strcspn (p, ", \t");
- partial = 0;
- partial_unit = NULL;
- if (u_len > 1 && p[u_len - 1] == 's')
- --u_len;
- for (u = units; u->name; ++u) {
- if (strncasecmp (p, u->name, u_len) == 0) {
- if (u_len == strlen (u->name)) {
- p += u_len;
- res = (*func)(res, val, u->mult);
- if (res < 0)
- return res;
- break;
- } else {
- ++partial;
- partial_unit = u;
- }
- }
- }
- if (u->name == NULL) {
- if (partial == 1) {
- p += u_len;
- res = (*func)(res, val, partial_unit->mult);
- if (res < 0)
- return res;
- } else {
- return -1;
- }
- }
- if (*p == 's')
- ++p;
- }
- return res;
-}
-
-/*
- * The string consists of a sequence of `n unit'
- */
-
-static int
-acc_units(int res, int val, unsigned mult)
-{
- return res + val * mult;
-}
-
-int
-parse_units (const char *s, const struct units *units,
- const char *def_unit)
-{
- return parse_something (s, units, def_unit, acc_units, 0, 0);
-}
-
-/*
- * The string consists of a sequence of `[+-]flag'. `orig' consists
- * the original set of flags, those are then modified and returned as
- * the function value.
- */
-
-static int
-acc_flags(int res, int val, unsigned mult)
-{
- if(val == 1)
- return res | mult;
- else if(val == -1)
- return res & ~mult;
- else
- return -1;
-}
-
-int
-parse_flags (const char *s, const struct units *units,
- int orig)
-{
- return parse_something (s, units, NULL, acc_flags, orig, 1);
-}
-
-/*
- * Return a string representation according to `units' of `num' in `s'
- * with maximum length `len'. The actual length is the function value.
- */
-
-static size_t
-unparse_something (int num, const struct units *units, char *s, size_t len,
- int (*print) (char *s, size_t len, int div,
- const char *name, int rem),
- int (*update) (int in, unsigned mult),
- const char *zero_string)
-{
- const struct units *u;
- size_t ret = 0, tmp;
-
- if (num == 0)
- return snprintf (s, len, "%s", zero_string);
-
- for (u = units; num > 0 && u->name; ++u) {
- int div;
-
- div = num / u->mult;
- if (div) {
- num = (*update) (num, u->mult);
- tmp = (*print) (s, len, div, u->name, num);
-
- len -= tmp;
- s += tmp;
- ret += tmp;
- }
- }
- return ret;
-}
-
-static int
-print_unit (char *s, size_t len, int div, const char *name, int rem)
-{
- return snprintf (s, len, "%u %s%s%s",
- div, name,
- div == 1 ? "" : "s",
- rem > 0 ? " " : "");
-}
-
-static int
-update_unit (int in, unsigned mult)
-{
- return in % mult;
-}
-
-static int
-update_unit_approx (int in, unsigned mult)
-{
- if (in / mult > 0)
- return 0;
- else
- return update_unit (in, mult);
-}
-
-size_t
-unparse_units (int num, const struct units *units, char *s, size_t len)
-{
- return unparse_something (num, units, s, len,
- print_unit,
- update_unit,
- "0");
-}
-
-size_t
-unparse_units_approx (int num, const struct units *units, char *s, size_t len)
-{
- return unparse_something (num, units, s, len,
- print_unit,
- update_unit_approx,
- "0");
-}
-
-#ifndef MAX
-#define MAX(a,b) (a)>(b)?(a):(b)
-#endif
-
-void
-print_units_table (const struct units *units, FILE *f)
-{
- const struct units *u, *u2;
- unsigned max_sz = 0;
-
- for (u = units; u->name; ++u) {
- max_sz = MAX(max_sz, strlen(u->name));
- }
-
- for (u = units; u->name;) {
- char buf[1024];
- const struct units *next;
-
- for (next = u + 1; next->name && next->mult == u->mult; ++next)
- ;
-
- if (next->name) {
- for (u2 = next;
- u2->name && u->mult % u2->mult != 0;
- ++u2)
- ;
- if (u2->name == NULL)
- --u2;
- unparse_units (u->mult, u2, buf, sizeof(buf));
- fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
- } else {
- fprintf (f, "1 %s\n", u->name);
- }
- u = next;
- }
-}
-
-static int
-print_flag (char *s, size_t len, int div, const char *name, int rem)
-{
- return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
-}
-
-static int
-update_flag (int in, unsigned mult)
-{
- return in - mult;
-}
-
-size_t
-unparse_flags (int num, const struct units *units, char *s, size_t len)
-{
- return unparse_something (num, units, s, len,
- print_flag,
- update_flag,
- "");
-}
-
-void
-print_flags_table (const struct units *units, FILE *f)
-{
- const struct units *u;
-
- for(u = units; u->name; ++u)
- fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
-}
diff --git a/kerberosIV/roken/parse_units.h b/kerberosIV/roken/parse_units.h
deleted file mode 100644
index 826edef0b57..00000000000
--- a/kerberosIV/roken/parse_units.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: parse_units.h,v 1.1 1998/05/18 01:22:49 art Exp $ */
-
-#ifndef __PARSE_UNITS_H__
-#define __PARSE_UNITS_H__
-
-#include <stdio.h>
-#include <stddef.h>
-
-struct units {
- const char *name;
- unsigned mult;
-};
-
-typedef struct units units;
-
-int
-parse_units (const char *s, const struct units *units,
- const char *def_unit);
-
-void
-print_units_table (const struct units *units, FILE *f);
-
-int
-parse_flags (const char *s, const struct units *units,
- int orig);
-
-size_t
-unparse_units (int num, const struct units *units, char *s, size_t len);
-
-size_t
-unparse_units_approx (int num, const struct units *units, char *s,
- size_t len);
-
-size_t
-unparse_flags (int num, const struct units *units, char *s, size_t len);
-
-void
-print_flags_table (const struct units *units, FILE *f);
-
-#endif /* __PARSE_UNITS_H__ */
diff --git a/kerberosIV/roken/resolve.c b/kerberosIV/roken/resolve.c
deleted file mode 100644
index 465496ff06b..00000000000
--- a/kerberosIV/roken/resolve.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/* $OpenBSD: resolve.c,v 1.1 1998/08/12 23:45:13 art Exp $ */
-/* $KTH: resolve.c,v 1.16 1998/04/26 14:35:43 assar Exp $ */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#include <stdlib.h>
-#include <string.h>
-#include "resolve.h"
-
-#define DECL(X) {#X, T_##X}
-
-static struct stot{
- char *name;
- int type;
-}stot[] = {
- DECL(A),
- DECL(NS),
- DECL(CNAME),
- DECL(PTR),
- DECL(MX),
- DECL(TXT),
- DECL(AFSDB),
- DECL(SRV),
- {NULL, 0}
-};
-
-int _resolve_debug;
-
-static int
-string_to_type(const char *name)
-{
- struct stot *p = stot;
- for(p = stot; p->name; p++)
- if(strcasecmp(name, p->name) == 0)
- return p->type;
- return -1;
-}
-
-
-void
-dns_free_data(struct dns_reply *r)
-{
- struct resource_record *rr;
- if(r->q.domain)
- free(r->q.domain);
- for(rr = r->head; rr;){
- struct resource_record *tmp = rr;
- if(rr->domain)
- free(rr->domain);
- if(rr->u.data)
- free(rr->u.data);
- rr = rr->next;
- free(tmp);
- }
- free (r);
-}
-
-static struct dns_reply*
-parse_reply(unsigned char *data, int len)
-{
- unsigned char *p;
- char host[128];
- int status;
-
- struct dns_reply *r;
- struct resource_record **rr;
-
- r = (struct dns_reply*)malloc(sizeof(struct dns_reply));
- if (r == NULL)
- return NULL;
- memset(r, 0, sizeof(struct dns_reply));
-
- p = data;
- memcpy(&r->h, p, sizeof(HEADER));
- p += sizeof(HEADER);
- status = dn_expand(data, data + len, p, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- r->q.domain = strdup(host);
- if(r->q.domain == NULL) {
- dns_free_data(r);
- return NULL;
- }
- p += status;
- r->q.type = (p[0] << 8 | p[1]);
- p += 2;
- r->q.class = (p[0] << 8 | p[1]);
- p += 2;
- rr = &r->head;
- while(p < data + len){
- int type, class, ttl, size;
- status = dn_expand(data, data + len, p, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- p += status;
- type = (p[0] << 8) | p[1];
- p += 2;
- class = (p[0] << 8) | p[1];
- p += 2;
- ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
- p += 4;
- size = (p[0] << 8) | p[1];
- p += 2;
- *rr = (struct resource_record*)calloc(1,
- sizeof(struct resource_record));
- if(*rr == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->domain = strdup(host);
- if((*rr)->domain == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->type = type;
- (*rr)->class = class;
- (*rr)->ttl = ttl;
- (*rr)->size = size;
- switch(type){
- case T_NS:
- case T_CNAME:
- case T_PTR:
- status = dn_expand(data, data + len, p, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.txt = strdup(host);
- if((*rr)->u.txt == NULL) {
- dns_free_data(r);
- return NULL;
- }
- break;
- case T_MX:
- case T_AFSDB:{
- status = dn_expand(data, data + len, p + 2, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
- strlen(host));
- if((*rr)->u.mx == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.mx->preference = (p[0] << 8) | p[1];
- strcpy((*rr)->u.mx->domain, host);
- break;
- }
- case T_SRV:{
- status = dn_expand(data, data + len, p + 6, host, sizeof(host));
- if(status < 0){
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.srv =
- (struct srv_record*)malloc(sizeof(struct srv_record) +
- strlen(host));
- if((*rr)->u.srv == NULL) {
- dns_free_data(r);
- return NULL;
- }
- (*rr)->u.srv->priority = (p[0] << 8) | p[1];
- (*rr)->u.srv->weight = (p[2] << 8) | p[3];
- (*rr)->u.srv->port = (p[4] << 8) | p[5];
- strcpy((*rr)->u.srv->target, host);
- break;
- }
- case T_TXT:{
- (*rr)->u.txt = (char*)malloc(size + 1);
- if((*rr)->u.txt == NULL) {
- dns_free_data(r);
- return NULL;
- }
- strncpy((*rr)->u.txt, (char*)p + 1, *p);
- (*rr)->u.txt[*p] = 0;
- break;
- }
-
- default:
- (*rr)->u.data = (unsigned char*)malloc(size);
- if((*rr)->u.data == NULL) {
- dns_free_data(r);
- return NULL;
- }
- memcpy((*rr)->u.data, p, size);
- }
- p += size;
- rr = &(*rr)->next;
- }
- *rr = NULL;
- return r;
-}
-
-struct dns_reply *
-dns_lookup(const char *domain, const char *type_name)
-{
- unsigned char reply[1024];
- int len;
- int type;
- struct dns_reply *r = NULL;
- u_long old_options = 0;
-
- type = string_to_type(type_name);
- if (_resolve_debug) {
- old_options = _res.options;
- _res.options |= RES_DEBUG;
- fprintf(stderr, "dns_lookup(%s, %s)\n", domain, type_name);
- }
- len = res_search(domain, C_IN, type, reply, sizeof(reply));
- if (_resolve_debug) {
- _res.options = old_options;
- fprintf(stderr, "dns_lookup(%s, %s) --> %d\n", domain, type_name, len);
- }
- if (len >= 0)
- r = parse_reply(reply, len);
- return r;
-}
-
-#ifdef TEST
-static char *
-type_to_string(int type)
-{
- struct stot *p = stot;
- for(p = stot; p->name; p++)
- if(type == p->type)
- return p->name;
- return NULL;
-}
-
-int
-main(int argc, char **argv)
-{
- struct dns_reply *r;
- struct resource_record *rr;
- r = dns_lookup(argv[1], argv[2]);
- if(r == NULL){
- printf("No reply.\n");
- return 1;
- }
- for(rr = r->head; rr;rr=rr->next){
- printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl);
- switch(rr->type){
- case T_NS:
- printf("%s\n", (char*)rr->u.data);
- break;
- case T_A:
- printf("%d.%d.%d.%d\n",
- ((unsigned char*)rr->u.data)[0],
- ((unsigned char*)rr->u.data)[1],
- ((unsigned char*)rr->u.data)[2],
- ((unsigned char*)rr->u.data)[3]);
- break;
- case T_MX:
- case T_AFSDB:{
- struct mx_record *mx = (struct mx_record*)rr->u.data;
- printf("%d %s\n", mx->preference, mx->domain);
- break;
- }
- case T_SRV:{
- struct srv_record *srv = (struct srv_record*)rr->u.data;
- printf("%d %d %d %s\n", srv->priority, srv->weight,
- srv->port, srv->target);
- break;
- }
- default:
- printf("\n");
- break;
- }
- }
-
- return 0;
-}
-#endif
diff --git a/kerberosIV/roken/resolve.h b/kerberosIV/roken/resolve.h
deleted file mode 100644
index c70e52eac0e..00000000000
--- a/kerberosIV/roken/resolve.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* $OpenBSD: resolve.h,v 1.1 1998/08/12 23:45:14 art Exp $ */
-/* $KTH: resolve.h,v 1.6 1998/03/04 17:37:11 joda Exp $ */
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __RESOLVE_H__
-#define __RESOLVE_H__
-
-/* We use these, but they are not always present in <arpa/nameser.h> */
-
-#ifndef T_TXT
-#define T_TXT 16
-#endif
-#ifndef T_AFSDB
-#define T_AFSDB 18
-#endif
-#ifndef T_SRV
-#define T_SRV 33
-#endif
-
-struct dns_query{
- char *domain;
- unsigned type;
- unsigned class;
-};
-
-struct mx_record{
- unsigned preference;
- char domain[1];
-};
-
-struct srv_record{
- unsigned priority;
- unsigned weight;
- unsigned port;
- char target[1];
-};
-
-struct resource_record{
- char *domain;
- unsigned type;
- unsigned class;
- unsigned ttl;
- unsigned size;
- union {
- void *data;
- struct mx_record *mx;
- struct mx_record *afsdb; /* mx and afsdb are identical */
- struct srv_record *srv;
- struct in_addr *a;
- char *txt;
- }u;
- struct resource_record *next;
-};
-
-#ifndef T_A /* XXX if <arpa/nameser.h> isn't included */
-typedef int HEADER; /* will never be used */
-#endif
-
-struct dns_reply{
- HEADER h;
- struct dns_query q;
- struct resource_record *head;
-};
-
-
-struct dns_reply* dns_lookup(const char *, const char *);
-
-void dns_free_data(struct dns_reply *r);
-
-#endif /* __RESOLVE_H__ */
diff --git a/kerberosIV/roken/simple_exec.c b/kerberosIV/roken/simple_exec.c
deleted file mode 100644
index fe8766f712d..00000000000
--- a/kerberosIV/roken/simple_exec.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* $OpenBSD: simple_exec.c,v 1.1 1998/08/12 23:53:53 art Exp $ */
-/* $KTH: simple_exec.c,v 1.1 1998/03/19 19:41:19 joda Exp $ */
-
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#include <errno.h>
-
-#define EX_NOEXEC 126
-#define EX_NOTFOUND 127
-
-/* return values:
- -1 on `unspecified' system errors
- -2 on fork failures
- -3 on waitpid errors
- 0- is return value from subprocess
- 126 if the program couldn't be executed
- 127 if the program couldn't be found
- 128- is 128 + signal that killed subprocess
- */
-
-int
-simple_execvp(const char *file, char *const args[])
-{
- pid_t pid = fork();
- switch(pid){
- case -1:
- return -2;
- case 0:
- execvp(file, args);
- exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
- default:
- while(1) {
- int status;
- if(waitpid(pid, &status, 0) < 0) {
- return -3;
- }
- if(WIFSTOPPED(status))
- continue;
- if(WIFEXITED(status))
- return WEXITSTATUS(status);
- if(WIFSIGNALED(status))
- return WTERMSIG(status) + 128;
- }
- }
-}
-
-int
-simple_execlp(const char *file, ...)
-{
- va_list ap;
- char **argv;
- int argc, i;
-
- argc = i = 0;
- va_start(ap, file);
- do {
- if(i == argc) {
- char **tmp = realloc(argv, (argc + 5) * sizeof(*argv));
- if(tmp == NULL) {
- errno = ENOMEM;
- return -1;
- }
- argv = tmp;
- argc += 5;
- }
- argv[i++] = va_arg(ap, char*);
- } while(argv[i - 1] != NULL);
- va_end(ap);
- i = simple_execvp(file, argv);
- free(argv);
- return i;
-}
diff --git a/kerberosIV/roken/simple_exec.h b/kerberosIV/roken/simple_exec.h
deleted file mode 100644
index e22e33423fb..00000000000
--- a/kerberosIV/roken/simple_exec.h
+++ /dev/null
@@ -1,7 +0,0 @@
-#ifndef SIMPLE_EXEC_H
-#define SIMPLE_EXEC_H
-
-int simple_execvp(const char *file, char *const args[]);
-int simple_execlp(const char *file, ...);
-
-#endif